CVE-2009-3995

EUVD-2009-3966
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file.  NOTE: some of these details are obtained from third party information.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
Affected Products (NVD)
VendorProductVersion
nullsoftwinamp
𝑥
≤ 5.56
nullsoftwinamp
0.20a:a
nullsoftwinamp
0.92
nullsoftwinamp
1.006
nullsoftwinamp
1.90
nullsoftwinamp
2.0
nullsoftwinamp
2.4
nullsoftwinamp
2.5e:e
nullsoftwinamp
2.6
nullsoftwinamp
2.6x:x
nullsoftwinamp
2.7x:x
nullsoftwinamp
2.9
nullsoftwinamp
2.10
nullsoftwinamp
2.24
nullsoftwinamp
2.50
nullsoftwinamp
2.60
nullsoftwinamp
2.60
nullsoftwinamp
2.60
nullsoftwinamp
2.61
nullsoftwinamp
2.61
nullsoftwinamp
2.62
nullsoftwinamp
2.62
nullsoftwinamp
2.64
nullsoftwinamp
2.64
nullsoftwinamp
2.65
nullsoftwinamp
2.70
nullsoftwinamp
2.70
nullsoftwinamp
2.71
nullsoftwinamp
2.72
nullsoftwinamp
2.73
nullsoftwinamp
2.73
nullsoftwinamp
2.74
nullsoftwinamp
2.75
nullsoftwinamp
2.76
nullsoftwinamp
2.77
nullsoftwinamp
2.78
nullsoftwinamp
2.79
nullsoftwinamp
2.80
nullsoftwinamp
2.81
nullsoftwinamp
2.90
nullsoftwinamp
2.91
nullsoftwinamp
2.92
nullsoftwinamp
2.95
nullsoftwinamp
3.0
nullsoftwinamp
3.1
nullsoftwinamp
5.0
nullsoftwinamp
5.0.1
nullsoftwinamp
5.0.2
nullsoftwinamp
5.01
nullsoftwinamp
5.1
nullsoftwinamp
5.1
nullsoftwinamp
5.02
nullsoftwinamp
5.2
nullsoftwinamp
5.3
nullsoftwinamp
5.03
nullsoftwinamp
5.03a:a
nullsoftwinamp
5.04
nullsoftwinamp
5.05
nullsoftwinamp
5.5
nullsoftwinamp
5.06
nullsoftwinamp
5.07
nullsoftwinamp
5.08
nullsoftwinamp
5.08:c
nullsoftwinamp
5.08:d
nullsoftwinamp
5.08:e
nullsoftwinamp
5.08c:c
nullsoftwinamp
5.08d:d
nullsoftwinamp
5.08e:e
nullsoftwinamp
5.09
nullsoftwinamp
5.11
nullsoftwinamp
5.12
nullsoftwinamp
5.13
nullsoftwinamp
5.21
nullsoftwinamp
5.22
nullsoftwinamp
5.23
nullsoftwinamp
5.24
nullsoftwinamp
5.31
nullsoftwinamp
5.32
nullsoftwinamp
5.33
nullsoftwinamp
5.34
nullsoftwinamp
5.35
nullsoftwinamp
5.36
nullsoftwinamp
5.51
nullsoftwinamp
5.52
nullsoftwinamp
5.53
nullsoftwinamp
5.54
nullsoftwinamp
5.55
nullsoftwinamp
5.091
nullsoftwinamp
5.093
nullsoftwinamp
5.094
nullsoftwinamp
5.111
nullsoftwinamp
5.112
nullsoftwinamp
5.531
nullsoftwinamp
5.541
nullsoftwinamp
5.551
nullsoftwinamp
5.552
raphael_assenatlibmikmod
3.1.12
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libmikmod
bookworm
3.3.11.1-7
fixed
bullseye
3.3.11.1-6
fixed
sid
3.3.11.1-8
fixed
trixie
3.3.11.1-8
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libmikmod
dapper
ignored
hardy
Fixed 3.1.11-6ubuntu3.8.04.1
released
intrepid
ignored
jaunty
Fixed 3.1.11-6ubuntu3.9.04.1
released
karmic
Fixed 3.1.11-6ubuntu4.1
released
lucid
Fixed 3.1.11-6.1ubuntu0.1
released
Common Weakness Enumeration
References
http://forums.winamp.com/showthread.php?threadid=315355
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://secunia.com/advisories/37495
http://secunia.com/advisories/40799
http://secunia.com/secunia_research/2009-52/
http://secunia.com/secunia_research/2009-53/
http://secunia.com/secunia_research/2009-55/
http://www.mandriva.com/security/advisories?name=MDVSA-2010:151
http://www.securityfocus.com/archive/1/508526/100/0/threaded
http://www.securityfocus.com/archive/1/508527/100/0/threaded
http://www.securityfocus.com/bid/37374
http://www.vupen.com/english/advisories/2009/3575
http://www.vupen.com/english/advisories/2010/1107
http://www.vupen.com/english/advisories/2010/1957
http://forums.winamp.com/showthread.php?threadid=315355
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://secunia.com/advisories/37495
http://secunia.com/advisories/40799
http://secunia.com/secunia_research/2009-52/
http://secunia.com/secunia_research/2009-53/
http://secunia.com/secunia_research/2009-55/
http://www.mandriva.com/security/advisories?name=MDVSA-2010:151
http://www.securityfocus.com/archive/1/508526/100/0/threaded
http://www.securityfocus.com/archive/1/508527/100/0/threaded
http://www.securityfocus.com/bid/37374
http://www.vupen.com/english/advisories/2009/3575
http://www.vupen.com/english/advisories/2010/1107
http://www.vupen.com/english/advisories/2010/1957