CVE-2007-1922
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
10/04/2007
Last modified:
09/04/2025
Description
The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.
Impact
Base Score 2.0
9.30
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://marc.info/?l=dailydave&m=117589949000906&w=2
- http://marc.info/?l=dailydave&m=117590046601511&w=2
- http://osvdb.org/34430
- http://osvdb.org/34431
- http://securityreason.com/securityalert/2532
- http://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt
- http://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt
- http://www.securityfocus.com/archive/1/464890/100/0/threaded
- http://www.securityfocus.com/archive/1/464893/100/0/threaded
- http://www.securityfocus.com/bid/23350
- http://www.securitytracker.com/id?1017886=
- http://www.vupen.com/english/advisories/2007/1286
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33480
- http://marc.info/?l=dailydave&m=117589949000906&w=2
- http://marc.info/?l=dailydave&m=117590046601511&w=2
- http://osvdb.org/34430
- http://osvdb.org/34431
- http://securityreason.com/securityalert/2532
- http://www.piotrbania.com/all/adv/nullsoft-winamp-it_module-in_mod-adv.txt
- http://www.piotrbania.com/all/adv/nullsoft-winamp-s3m_module-in_mod-adv.txt
- http://www.securityfocus.com/archive/1/464890/100/0/threaded
- http://www.securityfocus.com/archive/1/464893/100/0/threaded
- http://www.securityfocus.com/bid/23350
- http://www.securitytracker.com/id?1017886=
- http://www.vupen.com/english/advisories/2007/1286
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33480