Somebody spent some time checking Winamp for unchecked buffers and found some (in the id3v2 handling). Apparently these are fixed by updates for Winamp 2.81 and Winamp3 around 17 Dec 2002 that may have gone unnoticed by most users. Version numbers were not changed (which I think is silly).

edit: seems this was reported some weeks earlier but in a thread that looked like it was discussing the Windoze MP at first.


From the Winamp site
QUOTE
Looks like someone out there discovered how to make programs crash by screwing around with the id3 tags in music files. We have taken measures to block anyone from taking advantage of you by adding a few security fixes to both Winamp 2.81 and Winamp3.

We would like to say that these builds have new features but in actuality they are the same versions of the programs that you already know and love. However, to be fully protected, we suggest that you download the latest versions of them from our site right away.

If you haven't downloaded Winamp since 12-17-2002 then you are vulnerable to the security exploit.

Go grab the new builds of Winamp3 and Winamp 2.81 now.


BTW Buffer overflows could cause far more harm, security wise, than just crash the program, as they could be exploited to execute arbitrary commands on your computer.
--
Ge Someone