Winamp 5.58 eliminates critical FLV vulnerabilities
Nullsoft has released version 5.58 of Winamp, the popular media player, closing critical vulnerabilities that could be exploited by an attacker to compromise a user's system. According to French security services provider VUPEN, the problem is related to integer and buffer overflow issues within the VP6 decoder "vp6.w5s" used by Winamp when opening a specially crafted Flash Video (FLV) file. For an attack to be successful, a victim must first open a manipulated media file.
All versions up to and including 5.572 are reportedly affected. While version 5.58 of Winamp closed the vulnerability, version 5.581 has already been released to address bugs found in the previous version. All users are advised to upgrade to the latest release as soon as possible.
- Winamp Player FLV Data Processing Integer Overflow Vulnerabilities, security advisory from VUPEN Security.