Winamp iPod Plugin Audio Book File Handling Remote Denial-of-Service Vulnerability

Bugtraq ID:	21569
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 12 2006 12:00AM
Updated:	Dec 13 2006 10:33AM
Credit:	Luigi Auriemma is credited with the discovery of this vulnerability.
Vulnerable:	Winamp iPod Plugin Winamp iPod Plugin 2.00 p19 Winamp iPod Plugin Winamp iPod Plugin 2.00
Not Vulnerable:

Winamp iPod Plugin Audio Book File Handling Remote Denial-of-Service Vulnerability

Winamp iPod Plugin is prone to a remote denial-of-service vulnerability because of an improper read operation when loading malformed audio book files.

An attacker can exploit this issue to trigger a crash.

Winamp iPod Plugin 2.00p19 and prior versions are vulnerable to this issue.

Winamp iPod Plugin Audio Book File Handling Remote Denial-of-Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]

Winamp iPod Plugin Audio Book File Handling Remote Denial-of-Service Vulnerability

Solution:
A CVS fix is reportedly available from the vendor. Please contact the vendor for more information.

Winamp iPod Plugin Audio Book File Handling Remote Denial-of-Service Vulnerability

References:

• Winamp iPod Plugin (ml_ipod) (Luigi Auriemma)
  
• Winamp iPod Plugin Home Page (Winamp iPod Plugin)