In association with heise online

18 December 2009, 17:09

Winamp 5.57 eliminates vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Winamp Logo Nullsoft has released version 5.57 of Winamp, the popular media player, closing several critical vulnerabilities that could be exploited to compromise a user's system and fixing a number of bugs. According to security services provider Secunia, many of the problems were caused by boundary errors in the Module Decoder Plug-in (IN_MOD.DLL) that can be exploited to cause heap-based buffer overflows using a specially crafted "Impulse Tracker" file. For an attack to be successful, a victim must first open a manipulated media file.

Other vulnerabilities include an error when parsing PNG or JPEG data files, leading to memory corruption and an issue when parsing Oktalyzer files, leading to a heap-based buffer overflow. All versions up to and including 5.56 are reportedly affected.

More details about the release can be found in the official announcement blog post and release notes. Winamp 5.57 is available to download for Windows. All users are advised to upgrade to the latest release as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit