Aggregates CVE and security vulnerability intelligence across all winamp-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow and vendor risk denial of service and related problems; some flaws may lead to vendor impact application crash and vendor impact memory corruption.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2013-4695 | Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution | [email protected] | 7.8 | 3.26% | 2019-12-27 | 2024-11-21 |
| CVE-2017-10728 | Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Error Code (0xe06d7363) starting at wow64!Wow64NotifyDebugger+0x000000000000001d." | [email protected] | 7.8 | 0.36% | 2017-07-05 | 2026-05-13 |
| CVE-2017-10727 | Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address controls Branch Selection starting at in_mp3!DeleteAudioDecoder+0x000000000000762f." | [email protected] | 7.8 | 0.36% | 2017-07-05 | 2026-05-13 |
| CVE-2017-10726 | Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address may be used as a return value starting at f263!GetWinamp5SystemComponent+0x0000000000001951." | [email protected] | 7.8 | 0.36% | 2017-07-05 | 2026-05-13 |
| CVE-2017-10725 | Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address controls Code Flow starting at in_flv!winampGetInModule2+0x00000000000009a8." | [email protected] | 7.3 | 0.06% | 2017-07-05 | 2026-05-13 |
| CVE-2008-0065 | Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles. | [email protected] | 10.0 | 72.36% | 2008-01-22 | 2026-04-23 |
| CVE-2007-6403 | Stack-based buffer overflow in Nullsoft Winamp 5.32 allows user-assisted remote attackers to execute arbitrary code via crafted unicode in a .mp4 file, with crafted tags, contained in a certain .rar archive, a related issue to CVE-2007-2498. NOTE: for exploitation, the victim must select a certain menu option at the time of the attack. | [email protected] | 6.8 | 4.73% | 2007-12-17 | 2026-04-23 |