lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 17 Dec 2009 16:53:44 +0100
From: "VUPEN Security Research" <advisories@...en.com>
To: <bugtraq@...urityfocus.com>
Subject: VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow Vulnerabilities 

VUPEN Security Research - Winamp PNG and JPEG Data Integer Overflow 
Vulnerabilities

http://www.vupen.com/english/research.php


I. BACKGROUND
--------------------- 

Winamp is a proprietary media player written by Nullsoft,
now a subsidiary of AOL. It is skinnable, multi-format
freeware/shareware (from Wikipedia).

Winamp is a one of the world's most popular media players
with over 73 million users globally (comScore Media Metrix,
January 2009).


II. DESCRIPTION
--------------------- 

VUPEN Vulnerability Research Team discovered critical
vulnerabilities affecting Winamp.

These vulnerabilities are caused due to integer overflow errors within
the "jpeg.w5s" and "png.w5s" filters when processing malformed
JPEG or PNG data in a media (e.g. MP3) file, which could allow
attackers to execute arbitrary code by tricking a user into opening
a specially crafted MP3.


III. AFFECTED PRODUCTS
--------------------------------

Winamp version 5.56 and prior


IV. Exploits - PoCs & Binary Analysis
----------------------------------------

In-depth binary analysis of the vulnerabilities and proof-of-concept
codes have been released by VUPEN Security through the
VUPEN Exploits & PoCs Service :

http://www.vupen.com/exploits


V. SOLUTION
---------------- 

Upgrade to Winamp version 5.57 :
http://www.winamp.com/media-player


VI. CREDIT
-------------- 
The vulnerabilities were discovered by Nicolas JOLY of VUPEN Security


VII. REFERENCES
----------------------

http://www.vupen.com/english/advisories/2009/3576
http://forums.winamp.com/showthread.php?threadid=315355


VIII. DISCLOSURE TIMELINE
----------------------------------- 

2009-11-25 - Vendor notified
2009-11-25 - Vendor response
2009-12-02 - Status update received
2009-12-17 - Coordinated public Disclosure



Powered by blists - more mailing lists