Vulnerability Name:

CVE-2009-4356 (CCN-54884)

Assigned:2009-12-17
Published:2009-12-17
Updated:2018-10-10
Summary:Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.0 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-189
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2009-4356

Source: CONFIRM
Type: Patch
http://forums.winamp.com/showthread.php?threadid=315355

Source: CCN
Type: OSVDB ID: 61185
Winamp Module Decoder Plug-in PNG / JPEG Handling Overflows

Source: BUGTRAQ
Type: UNKNOWN
20091217 VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow Vulnerabilities

Source: BID
Type: UNKNOWN
37387

Source: CCN
Type: BID-37387
Winamp JPEG and PNG Multiple Integer Overflow Vulnerabilities

Source: VUPEN
Type: Vendor Advisory
ADV-2009-3576

Source: MISC
Type: Exploit, Vendor Advisory
http://www.vupen.com/exploits/Winamp_png_w5s_PNG_Data_Processing_Integer_Overflow_PoC_3576274.php

Source: CCN
Type: Winamp Web site
Winamp Media Player - MP3, Multimedia, and Music Player

Source: XF
Type: UNKNOWN
winamp-png-jpeg-overflow(54884)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:15743

Vulnerable Configuration:Configuration 1:
  • cpe:/a:nullsoft:winamp:0.20a:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:0.92:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:1.006:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:1.90:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.5e:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.6:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.6x:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.7x:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.9:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.10:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.24:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.50:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.60:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.60:*:full:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.60:*:lite:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.61:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.61:*:full:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.62:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.62:*:standard:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.64:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.64:*:standard:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.65:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.70:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.70:*:full:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.71:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.72:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.73:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.73:*:full:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.74:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.75:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.76:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.77:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.78:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.79:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.80:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.81:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.90:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.91:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.92:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:2.95:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.0:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.01:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.1:-:surround:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.02:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.2:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.03:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.3:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.03a:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.04:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.05:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.5:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.06:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.07:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.08:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.08:c:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.08:d:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.08:e:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.09:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.11:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.12:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.13:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.21:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.22:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.23:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.24:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.31:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.32:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.33:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.34:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.35:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.36:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.51:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.52:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.53:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.54:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.55:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:*:*:*:*:*:*:*:* (Version <= 5.56)
  • OR cpe:/a:nullsoft:winamp:5.091:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.093:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.094:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.111:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.112:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.531:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.541:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.551:*:*:*:*:*:*:*
  • OR cpe:/a:nullsoft:winamp:5.552:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:nullsoft:winamp:5.56:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:15743
    V
    		Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57
    2014-04-07
    BACK
    nullsoft winamp 0.20a
    nullsoft winamp 0.92
    nullsoft winamp 1.006
    nullsoft winamp 1.90
    nullsoft winamp 2.0
    nullsoft winamp 2.4
    nullsoft winamp 2.5e
    nullsoft winamp 2.6
    nullsoft winamp 2.6x
    nullsoft winamp 2.7x
    nullsoft winamp 2.9
    nullsoft winamp 2.10
    nullsoft winamp 2.24
    nullsoft winamp 2.50
    nullsoft winamp 2.60
    nullsoft winamp 2.60
    nullsoft winamp 2.60
    nullsoft winamp 2.61
    nullsoft winamp 2.61
    nullsoft winamp 2.62
    nullsoft winamp 2.62
    nullsoft winamp 2.64
    nullsoft winamp 2.64
    nullsoft winamp 2.65
    nullsoft winamp 2.70
    nullsoft winamp 2.70
    nullsoft winamp 2.71
    nullsoft winamp 2.72
    nullsoft winamp 2.73
    nullsoft winamp 2.73
    nullsoft winamp 2.74
    nullsoft winamp 2.75
    nullsoft winamp 2.76
    nullsoft winamp 2.77
    nullsoft winamp 2.78
    nullsoft winamp 2.79
    nullsoft winamp 2.80
    nullsoft winamp 2.81
    nullsoft winamp 2.90
    nullsoft winamp 2.91
    nullsoft winamp 2.92
    nullsoft winamp 2.95
    nullsoft winamp 3.0
    nullsoft winamp 3.1
    nullsoft winamp 5.0
    nullsoft winamp 5.0.1
    nullsoft winamp 5.0.2
    nullsoft winamp 5.01
    nullsoft winamp 5.1
    nullsoft winamp 5.1 -
    nullsoft winamp 5.02
    nullsoft winamp 5.2
    nullsoft winamp 5.03
    nullsoft winamp 5.3
    nullsoft winamp 5.03a
    nullsoft winamp 5.04
    nullsoft winamp 5.05
    nullsoft winamp 5.5
    nullsoft winamp 5.06
    nullsoft winamp 5.07
    nullsoft winamp 5.08
    nullsoft winamp 5.08 c
    nullsoft winamp 5.08 d
    nullsoft winamp 5.08 e
    nullsoft winamp 5.08c
    nullsoft winamp 5.08d
    nullsoft winamp 5.08e
    nullsoft winamp 5.09
    nullsoft winamp 5.11
    nullsoft winamp 5.12
    nullsoft winamp 5.13
    nullsoft winamp 5.21
    nullsoft winamp 5.22
    nullsoft winamp 5.23
    nullsoft winamp 5.24
    nullsoft winamp 5.31
    nullsoft winamp 5.32
    nullsoft winamp 5.33
    nullsoft winamp 5.34
    nullsoft winamp 5.35
    nullsoft winamp 5.36
    nullsoft winamp 5.51
    nullsoft winamp 5.52
    nullsoft winamp 5.53
    nullsoft winamp 5.54
    nullsoft winamp 5.55
    nullsoft winamp *
    nullsoft winamp 5.091
    nullsoft winamp 5.093
    nullsoft winamp 5.094
    nullsoft winamp 5.111
    nullsoft winamp 5.112
    nullsoft winamp 5.531
    nullsoft winamp 5.541
    nullsoft winamp 5.551
    nullsoft winamp 5.552
    nullsoft winamp 5.56