CVE-2009-3996

EUVD-2009-3967
Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
nullsoftwinamp
𝑥
≤ 5.56
nullsoftwinamp
0.20a:a
nullsoftwinamp
0.92
nullsoftwinamp
1.006
nullsoftwinamp
1.90
nullsoftwinamp
2.0
nullsoftwinamp
2.4
nullsoftwinamp
2.5e:e
nullsoftwinamp
2.6
nullsoftwinamp
2.6x:x
nullsoftwinamp
2.7x:x
nullsoftwinamp
2.9
nullsoftwinamp
2.10
nullsoftwinamp
2.24
nullsoftwinamp
2.50
nullsoftwinamp
2.60
nullsoftwinamp
2.60
nullsoftwinamp
2.60
nullsoftwinamp
2.61
nullsoftwinamp
2.61
nullsoftwinamp
2.62
nullsoftwinamp
2.62
nullsoftwinamp
2.64
nullsoftwinamp
2.64
nullsoftwinamp
2.65
nullsoftwinamp
2.70
nullsoftwinamp
2.70
nullsoftwinamp
2.71
nullsoftwinamp
2.72
nullsoftwinamp
2.73
nullsoftwinamp
2.73
nullsoftwinamp
2.74
nullsoftwinamp
2.75
nullsoftwinamp
2.76
nullsoftwinamp
2.77
nullsoftwinamp
2.78
nullsoftwinamp
2.79
nullsoftwinamp
2.80
nullsoftwinamp
2.81
nullsoftwinamp
2.90
nullsoftwinamp
2.91
nullsoftwinamp
2.92
nullsoftwinamp
2.95
nullsoftwinamp
3.0
nullsoftwinamp
3.1
nullsoftwinamp
5.0
nullsoftwinamp
5.0.1
nullsoftwinamp
5.0.2
nullsoftwinamp
5.01
nullsoftwinamp
5.1
nullsoftwinamp
5.1
nullsoftwinamp
5.02
nullsoftwinamp
5.2
nullsoftwinamp
5.3
nullsoftwinamp
5.03
nullsoftwinamp
5.03a:a
nullsoftwinamp
5.04
nullsoftwinamp
5.05
nullsoftwinamp
5.5
nullsoftwinamp
5.06
nullsoftwinamp
5.07
nullsoftwinamp
5.08
nullsoftwinamp
5.08:c
nullsoftwinamp
5.08:d
nullsoftwinamp
5.08:e
nullsoftwinamp
5.08c:c
nullsoftwinamp
5.08d:d
nullsoftwinamp
5.08e:e
nullsoftwinamp
5.09
nullsoftwinamp
5.11
nullsoftwinamp
5.12
nullsoftwinamp
5.13
nullsoftwinamp
5.21
nullsoftwinamp
5.22
nullsoftwinamp
5.23
nullsoftwinamp
5.24
nullsoftwinamp
5.31
nullsoftwinamp
5.32
nullsoftwinamp
5.33
nullsoftwinamp
5.34
nullsoftwinamp
5.35
nullsoftwinamp
5.36
nullsoftwinamp
5.51
nullsoftwinamp
5.52
nullsoftwinamp
5.53
nullsoftwinamp
5.54
nullsoftwinamp
5.55
nullsoftwinamp
5.091
nullsoftwinamp
5.093
nullsoftwinamp
5.094
nullsoftwinamp
5.111
nullsoftwinamp
5.112
nullsoftwinamp
5.531
nullsoftwinamp
5.541
nullsoftwinamp
5.551
nullsoftwinamp
5.552
raphael_assenatlibmikmod
3.1.12
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libmikmod
bookworm
3.3.11.1-7
fixed
bullseye
3.3.11.1-6
fixed
sid
3.3.11.1-8
fixed
trixie
3.3.11.1-8
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libmikmod
dapper
ignored
hardy
Fixed 3.1.11-6ubuntu3.8.04.1
released
intrepid
ignored
jaunty
Fixed 3.1.11-6ubuntu3.9.04.1
released
karmic
Fixed 3.1.11-6ubuntu4.1
released
lucid
Fixed 3.1.11-6.1ubuntu0.1
released
Common Weakness Enumeration
References
http://forums.winamp.com/showthread.php?threadid=315355
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://secunia.com/advisories/37495
http://secunia.com/secunia_research/2009-55/
http://secunia.com/secunia_research/2009-56/
http://www.mandriva.com/security/advisories?name=MDVSA-2010:151
http://www.securityfocus.com/archive/1/508528/100/0/threaded
http://www.securityfocus.com/bid/37374
http://www.vupen.com/english/advisories/2009/3575
http://www.vupen.com/english/advisories/2010/1107
http://forums.winamp.com/showthread.php?threadid=315355
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://secunia.com/advisories/37495
http://secunia.com/secunia_research/2009-55/
http://secunia.com/secunia_research/2009-56/
http://www.mandriva.com/security/advisories?name=MDVSA-2010:151
http://www.securityfocus.com/archive/1/508528/100/0/threaded
http://www.securityfocus.com/bid/37374
http://www.vupen.com/english/advisories/2009/3575
http://www.vupen.com/english/advisories/2010/1107