Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Winamp | Nullsoft | * | 5.622 (including) |
| Winamp | Nullsoft | 0.20a (including) | 0.20a (including) |
| Winamp | Nullsoft | 0.92 (including) | 0.92 (including) |
| Winamp | Nullsoft | 1.006 (including) | 1.006 (including) |
| Winamp | Nullsoft | 1.90 (including) | 1.90 (including) |
| Winamp | Nullsoft | 2.0 (including) | 2.0 (including) |
| Winamp | Nullsoft | 2.6 (including) | 2.6 (including) |
| Winamp | Nullsoft | 2.9 (including) | 2.9 (including) |
| Winamp | Nullsoft | 2.10 (including) | 2.10 (including) |
| Winamp | Nullsoft | 2.91 (including) | 2.91 (including) |
| Winamp | Nullsoft | 2.92 (including) | 2.92 (including) |
| Winamp | Nullsoft | 2.95 (including) | 2.95 (including) |
| Winamp | Nullsoft | 5.0 (including) | 5.0 (including) |
| Winamp | Nullsoft | 5.01 (including) | 5.01 (including) |
| Winamp | Nullsoft | 5.1 (including) | 5.1 (including) |
| Winamp | Nullsoft | 5.02 (including) | 5.02 (including) |
| Winamp | Nullsoft | 5.2 (including) | 5.2 (including) |
| Winamp | Nullsoft | 5.3 (including) | 5.3 (including) |
| Winamp | Nullsoft | 5.03 (including) | 5.03 (including) |
| Winamp | Nullsoft | 5.04 (including) | 5.04 (including) |
| Winamp | Nullsoft | 5.05 (including) | 5.05 (including) |
| Winamp | Nullsoft | 5.5 (including) | 5.5 (including) |
| Winamp | Nullsoft | 5.6 (including) | 5.6 (including) |
| Winamp | Nullsoft | 5.06 (including) | 5.06 (including) |
| Winamp | Nullsoft | 5.07 (including) | 5.07 (including) |
| Winamp | Nullsoft | 5.08c (including) | 5.08c (including) |
| Winamp | Nullsoft | 5.08d (including) | 5.08d (including) |
| Winamp | Nullsoft | 5.08e (including) | 5.08e (including) |
| Winamp | Nullsoft | 5.09 (including) | 5.09 (including) |
| Winamp | Nullsoft | 5.11 (including) | 5.11 (including) |
| Winamp | Nullsoft | 5.12 (including) | 5.12 (including) |
| Winamp | Nullsoft | 5.13 (including) | 5.13 (including) |
| Winamp | Nullsoft | 5.21 (including) | 5.21 (including) |
| Winamp | Nullsoft | 5.22 (including) | 5.22 (including) |
| Winamp | Nullsoft | 5.23 (including) | 5.23 (including) |
| Winamp | Nullsoft | 5.24 (including) | 5.24 (including) |
| Winamp | Nullsoft | 5.31 (including) | 5.31 (including) |
| Winamp | Nullsoft | 5.32 (including) | 5.32 (including) |
| Winamp | Nullsoft | 5.33 (including) | 5.33 (including) |
| Winamp | Nullsoft | 5.34 (including) | 5.34 (including) |
| Winamp | Nullsoft | 5.35 (including) | 5.35 (including) |
| Winamp | Nullsoft | 5.51 (including) | 5.51 (including) |
| Winamp | Nullsoft | 5.52 (including) | 5.52 (including) |
| Winamp | Nullsoft | 5.53 (including) | 5.53 (including) |
| Winamp | Nullsoft | 5.54 (including) | 5.54 (including) |
| Winamp | Nullsoft | 5.55 (including) | 5.55 (including) |
| Winamp | Nullsoft | 5.56 (including) | 5.56 (including) |
| Winamp | Nullsoft | 5.57 (including) | 5.57 (including) |
| Winamp | Nullsoft | 5.58 (including) | 5.58 (including) |
| Winamp | Nullsoft | 5.091 (including) | 5.091 (including) |
| Winamp | Nullsoft | 5.093 (including) | 5.093 (including) |
| Winamp | Nullsoft | 5.094 (including) | 5.094 (including) |
| Winamp | Nullsoft | 5.111 (including) | 5.111 (including) |
| Winamp | Nullsoft | 5.112 (including) | 5.112 (including) |
| Winamp | Nullsoft | 5.531 (including) | 5.531 (including) |
| Winamp | Nullsoft | 5.541 (including) | 5.541 (including) |
| Winamp | Nullsoft | 5.551 (including) | 5.551 (including) |
| Winamp | Nullsoft | 5.552 (including) | 5.552 (including) |
| Winamp | Nullsoft | 5.572 (including) | 5.572 (including) |
| Winamp | Nullsoft | 5.581 (including) | 5.581 (including) |