In association with heise online

14 July 2010, 13:43

Winamp 5.58 eliminates critical FLV vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Winamp Logo Nullsoft has released version 5.58 of Winamp, the popular media player, closing critical vulnerabilities that could be exploited by an attacker to compromise a user's system. According to French security services provider VUPEN, the problem is related to integer and buffer overflow issues within the VP6 decoder "vp6.w5s" used by Winamp when opening a specially crafted Flash Video (FLV) file. For an attack to be successful, a victim must first open a manipulated media file.

All versions up to and including 5.572 are reportedly affected. While version 5.58 of Winamp closed the vulnerability, version 5.581 has already been released to address bugs found in the previous version. All users are advised to upgrade to the latest release as soon as possible.

More details about the release can be found in the official announcement blog post and in the 5.58 and 5.581 release notes. Winamp 5.581 is available to download for Windows.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit