77 matches found
SUSE CVE-2025-57156
NULL pointer dereference in the dacpreplyplayqueueeditclear function in src/httpddacp.c in owntone-server through commit 6d604a1 newer commit after version 28.12 allows remote attackers to cause a Denial of Service crash...
SUSE CVE-2025-63647
A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...
SUSE CVE-2025-63648
A NULL pointer dereference in the dacpreplyplayqueueeditmove function src/httpddacp.c of owntone-server commit b7e385f allows attackers to cause a Denial of Service DoS via sending a crafted DACP request to the server...
CVE-2025-57155
NULL pointer dereference in the daapreplygroups function in src/httpddaap.c in owntone-server through commit 5e6f19a newer commit after version 28.2 allows remote attackers to cause a Denial of Service...
CVE-2025-57156
NULL pointer dereference in the dacpreplyplayqueueeditclear function in src/httpddacp.c in owntone-server through commit 6d604a1 newer commit after version 28.12 allows remote attackers to cause a Denial of Service crash...
CVE-2025-63647
A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...
CVE-2025-63648
A NULL pointer dereference in the dacpreplyplayqueueeditmove function src/httpddacp.c of owntone-server commit b7e385f allows attackers to cause a Denial of Service DoS via sending a crafted DACP request to the server...
CVE-2025-63648
A NULL pointer dereference in the dacpreplyplayqueueeditmove function src/httpddacp.c of owntone-server commit b7e385f allows attackers to cause a Denial of Service DoS via sending a crafted DACP request to the server...
CVE-2025-63647
A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...
CVE-2025-57155
NULL pointer dereference in the daapreplygroups function in src/httpddaap.c in owntone-server through commit 5e6f19a newer commit after version 28.2 allows remote attackers to cause a Denial of Service...
CVE-2025-57156
NULL pointer dereference in the dacpreplyplayqueueeditclear function in src/httpddacp.c in owntone-server through commit 6d604a1 newer commit after version 28.12 allows remote attackers to cause a Denial of Service crash...
PT-2026-3654
Name of the Vulnerable Software and Affected Versions owntone-server versions prior to the commit 6d604a1 Description A flaw exists in owntone-server due to a NULL pointer dereference within the dacp reply playqueueedit clear function, located in the src/httpd dacp.c file. This issue, present...
CVE-2025-63647
A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server (commit 334beb) allows a crafted DAAP request to trigger a Denial of Service. The CVE-2025-63647 entry has a CVSS v3.1 base score of 7.5 (HIGH) with network attack vector and low complexity. Multiple vendor...
CVE-2025-57156
Summary (CVE-2025-57156) : A NULL pointer dereference in the owntone-server component, specifically in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c, can be triggered by a remote attacker through commits up to 6d604a1 (post-version 28.12). This vulnerability allows remote Denial...
CVE-2025-63648
CVE-2025-63648 concerns a NULL pointer dereference in the function dacp_reply_playqueueedit_move (src/httpd_dacp.c) in owntone-server, triggered by a crafted DACP request. The issue is tied to commit b7e385f and has been reported across multiple sources (SUSE, Red Hat, NVD, OSV, CVE lists). Docum...
CVE-2025-63647
A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...
CVE-2025-63648
A NULL pointer dereference in the dacpreplyplayqueueeditmove function src/httpddacp.c of owntone-server commit b7e385f allows attackers to cause a Denial of Service DoS via sending a crafted DACP request to the server...
CVE-2025-57155
NULL pointer dereference in the daapreplygroups function in src/httpddaap.c in owntone-server through commit 5e6f19a newer commit after version 28.2 allows remote attackers to cause a Denial of Service...
CVE-2025-57155
NULL pointer dereference in the daapreplygroups function in src/httpddaap.c in owntone-server through commit 5e6f19a newer commit after version 28.2 allows remote attackers to cause a Denial of Service...
CVE-2025-63647
A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...