Home

CVE-2009-3995

Description

Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.

Risk Information

Base Score
9.8
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
12.211

Associated Vulnerability

VulnerabilityOS Platform
Vulnerability CVE-2009-1788,CVE-2009-1791,CVE-2009-3995,CVE-2009-3996 are affected in Winamp 5.552Windows
(RHSA-2010:0720) Moderate: mikmod security update mikmod-3.1.6-39.el5_5.1.i386.rpmLinux
(RHSA-2010:0720) Moderate: mikmod security update mikmod-3.1.6-39.el5_5.1.x86_64.rpmLinux
(RHSA-2010:0720) Moderate: mikmod security update mikmod-devel-3.1.6-39.el5_5.1.i386.rpmLinux
(RHSA-2010:0720) Moderate: mikmod security update mikmod-devel-3.1.6-39.el5_5.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234