Vulnerability Details : CVE-2014-3442
Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.
Vulnerability category: OverflowMemory CorruptionDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-3442
Probability of exploitation activity in the next 30 days: 1.50%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 85 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-3442
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2014-3442
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3442
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/93173
Winamp .flv code execution CVE-2014-3442 Vulnerability Report
-
http://www.securityfocus.com/bid/67429
Winamp '.flv' File Processing Memory Corruption VulnerabilityExploit
-
http://packetstormsecurity.com/files/126636
WinAMP 5.666 Memory Corruption ≈ Packet StormExploit
Products affected by CVE-2014-3442
- cpe:2.3:a:nullsoft:winamp:*:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.03:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.04:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.01:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.02:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.06:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.05:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.07:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08c:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.09:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.091:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.094:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.12:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08d:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.08e:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.13:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.093:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.11:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.21:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.24:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.3:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.33:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.34:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.32:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.22:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.23:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.31:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.35:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.53:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.111:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.36:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.5:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.112:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.51:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.52:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.541:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.55:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.54:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.552:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.551:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.531:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.56:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.58:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.57:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.572:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.581:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.61:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.59:beta:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.54:beta:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.55:beta:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.51:beta:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.623:*:*:*:*:*:*:*
- cpe:2.3:a:nullsoft:winamp:5.63:*:*:*:*:*:*:*