Nullsoft CVE 脆弱性と CVE 一覧(77)

製品(CPE): — CVE 件数: 77

Nullsoft 脆弱性概要

Nullsoft 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。

過去の問題は主に バッファオーバーフロー and vendor risk cross-site scripting などに関し、一部は アプリケーションクラッシュ を招き、vendor surface software deployment and vendor surface production workloads 関連の場面に影響します。

掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。

脆弱性分布の推移(直近24か月)

表示中 4160 / 77 CVE 件数
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2006-3534 Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content". [email protected] 7.8 2.49% 2006-07-12 2026-06-16
CVE-2006-3228 Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including 5.21, allows remote attackers to execute arbitrary code via a crafted .mid (MIDI) file. [email protected] 9.3 11.46% 2006-06-26 2026-06-16
CVE-2006-3007 Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 allow remote attackers to inject arbitrary HTML or web script via the DJ fields (1) Description, (2) URL, (3) Genre, (4) AIM, and (5) ICQ. [email protected] 4.3 1.56% 2006-06-13 2026-06-16
CVE-2006-0720 Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file. [email protected] 7.6 10.30% 2006-02-23 2026-06-16
CVE-2006-0708 Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476. [email protected] 9.3 7.07% 2006-02-15 2026-06-16
CVE-2006-0476 Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field). [email protected] 7.6 74.51% 2006-01-31 2026-06-16
CVE-2005-3188 Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476. [email protected] 7.6 7.20% 2005-12-31 2026-06-16
CVE-2005-2310 Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE. [email protected] 9.3 13.13% 2005-07-19 2026-06-16
CVE-2004-1119 Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file. [email protected] 10.0 17.26% 2005-01-10 2026-06-16
CVE-2004-2384 NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line. [email protected] 5.0 2.62% 2004-12-31 2026-06-16
CVE-2004-1896 Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file. [email protected] 7.6 5.15% 2004-12-31 2026-06-16
CVE-2004-1396 Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file. [email protected] 2.6 3.09% 2004-12-31 2026-06-16
CVE-2004-1150 Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file. [email protected] 5.1 8.71% 2004-12-31 2026-06-16
CVE-2004-1373 Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file. [email protected] 7.5 70.07% 2004-12-23 2026-06-16
CVE-2004-0820 Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file. [email protected] 4.6 2.54% 2004-08-28 2026-06-16
CVE-2003-1274 Winamp 3.0 allows remote attackers to cause a denial of service (crash) via .b4s file with a file: argument to the Playstring parameter that contains MS-DOS device names such as aux. [email protected] 5.0 1.23% 2003-12-31 2026-06-16
CVE-2003-1273 Winamp 3.0 allows remote attackers to cause a denial of service (crash) via a .b4s file with a playlist name that contains some non-English characters, e.g. Cyrillic characters. [email protected] 2.1 0.54% 2003-12-31 2026-06-16
CVE-2003-1272 Multiple buffer overflows in Winamp 3.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .b4s file containing (1) a long playlist name or (2) a long path in a file: argument to the Playstring parameter. [email protected] 9.3 4.33% 2003-12-31 2026-06-16
CVE-2003-1174 Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users to cause a denial of service via (1) icy-name followed by a long server name or (2) icy-url followed by a long URL. [email protected] 2.1 1.16% 2003-12-31 2026-06-16
CVE-2003-0765 The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value. [email protected] 7.5 6.78% 2003-09-17 2026-06-16
cvelogic Threat Intelligence