
Winamp libsndfile.dll VOC File Processing Heap Overflow Vulnerability

Last Update Date: 28 Jan 2011
Release Date: 19 May 2009

RISK: Medium Risk

A vulnerability has been identified in Winamp, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by a buffer overflow error when processing a malformed VOC file.

These issues are caused by buffer overflow errors in the "voc_read_header()" [src/voc.c] and "aiff_read_header()" [src/aiff.c] functions when processing specially crafted VOC and AIFF files, which could be exploited by attackers to crash an affected application or execute arbitrary code by tricking a user into opening a malicious file.

Successful exploitation may allow execution of arbitrary code.


Impact

  • Remote Code Execution

System / Technologies affected

  • Winamp version 5.552 and prior

Solutions

Note: No vendor-supplied patch is known.

Workaround:

Do not open untrusted files in Winamp.
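
A structural pre-check for VOC files, added here as an example and not taken from the advisory, Winamp or libsndfile: it bounds-checks every length field a VOC header parser has to trust before any data is copied. The field layout (20-byte magic, 26-byte header, version checksum, typed blocks with 24-bit lengths) follows the commonly documented Creative Voice format and is an assumption, as are the names `voc_check`, `sample_ok` and the `VOC_*` codes; the advisory does not describe the exact flaw, so a file that passes is well-formed, not proven harmless.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes (illustrative names, not from libsndfile). */
enum { VOC_OK = 0, VOC_SHORT = -1, VOC_MAGIC = -2, VOC_HDRSIZE = -3,
       VOC_CHECKSUM = -4, VOC_BLOCK_OVERRUN = -5 };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Validate a VOC image held in buf[0..len) without copying any of it. */
int voc_check(const uint8_t *buf, size_t len)
{
    static const char magic[] = "Creative Voice File\x1a";    /* 20 bytes */
    if (len < 26) return VOC_SHORT;
    if (memcmp(buf, magic, 20) != 0) return VOC_MAGIC;

    size_t off = le16(buf + 20);              /* offset of the first block */
    if (off < 26 || off > len) return VOC_HDRSIZE;

    uint16_t version = le16(buf + 22);
    if (le16(buf + 24) != (uint16_t)(~version + 0x1234)) return VOC_CHECKSUM;

    while (off < len) {
        if (buf[off] == 0) return VOC_OK;              /* terminator block */
        if (len - off < 4) return VOC_BLOCK_OVERRUN;   /* type + 24-bit length */
        size_t blen = buf[off + 1] | (buf[off + 2] << 8) | ((size_t)buf[off + 3] << 16);
        if (blen > len - off - 4) return VOC_BLOCK_OVERRUN; /* claims more than exists */
        off += 4 + blen;
    }
    return VOC_OK;   /* data ended on a block boundary without a terminator */
}

/* Constructed sample: valid header, one type-1 block of 4 bytes, terminator. */
static const uint8_t sample_ok[] = {
    'C','r','e','a','t','i','v','e',' ','V','o','i','c','e',' ','F','i','l','e',0x1a,
    0x1a,0x00, 0x0a,0x01, 0x29,0x11,             /* header size 26, v1.10, checksum */
    0x01, 0x04,0x00,0x00, 0xa5,0x00,0x80,0x80,   /* block type 1, length 4 */
    0x00 };

int main(void)
{
    printf("sample_ok: %d\n", voc_check(sample_ok, sizeof sample_ok));
    return 0;
}
```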


Vulnerability Identifier

  • No CVE information is available
