Winamp MP4 File Parsing Buffer Overflow Vulnerability

Bugtraq ID:	23723
Class:	Boundary Condition Error
CVE:	CVE-2007-2498
Remote:	Yes
Local:	No
Published:	Apr 30 2007 12:00AM
Updated:	Nov 04 2008 02:55AM
Credit:	Marsu is credited with discovering this issue.
Vulnerable:	NullSoft Winamp 5.3.2 NullSoft Winamp 5.34 NullSoft Winamp 5.33 NullSoft Winamp 5.31 NullSoft Winamp 5.3 NullSoft Winamp 5.24 NullSoft Winamp 5.22 NullSoft Winamp 5.21 NullSoft Winamp 5.2 NullSoft Winamp 5.13 NullSoft Winamp 5.12 NullSoft Winamp 5.11
Not Vulnerable:	NullSoft Winamp 5.34a

Winamp MP4 File Parsing Buffer Overflow Vulnerability

Winamp is prone to a buffer-overflow vulnerability when it attempts to process certain files. This issue occurs because the application fails to properly check boundaries on user-supplied data before copying it to an insufficiently sized memory buffer.

Successful exploits can allow attackers to execute arbitrary code with the privileges of the user running the vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Winamp 5.02 through 5.34.

UPDATE: The vendor states that this issue will be addressed in Winamp 5.35.

Winamp MP4 File Parsing Buffer Overflow Vulnerability

The following exploit code is available:

• /data/vulnerabilities/exploits/23723.c
• /data/vulnerabilities/exploits/23723.pl

Winamp MP4 File Parsing Buffer Overflow Vulnerability

Solution:
The vendor released a patch to address this issue. Please see the references for more information.

Winamp MP4 File Parsing Buffer Overflow Vulnerability

References:

• Winamp 5.34a Security Patch (Nullsoft)
  
• Winamp Homepage (Nullsoft)
  
• Nullsoft Winamp MP4 tags Stack Overflow ([email protected])