96 matches found
CVE-2025-63648
CVE-2025-63648 concerns a NULL pointer dereference in the function dacp_reply_playqueueedit_move (src/httpd_dacp.c) in owntone-server, triggered by a crafted DACP request. The issue is tied to commit b7e385f and has been reported across multiple sources (SUSE, Red Hat, NVD, OSV, CVE lists). Docum...
CVE-2025-63647
A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...
CVE-2025-63648
A NULL pointer dereference in the dacpreplyplayqueueeditmove function src/httpddacp.c of owntone-server commit b7e385f allows attackers to cause a Denial of Service DoS via sending a crafted DACP request to the server...
CVE-2025-57155
NULL pointer dereference in the daapreplygroups function in src/httpddaap.c in owntone-server through commit 5e6f19a newer commit after version 28.2 allows remote attackers to cause a Denial of Service...
CVE-2025-57156
NULL pointer dereference in the dacpreplyplayqueueeditclear function in src/httpddacp.c in owntone-server through commit 6d604a1 newer commit after version 28.12 allows remote attackers to cause a Denial of Service crash...
OwnTone security vulnerabilities
OwnTone is an open-source Linux/FreeBSD DAAP iTunes, MPD Music Player Daemon, and RSP Roku media server. OwnTone has a security vulnerability that stems from a null pointer dereferencing in the parsemeta function, which may lead to denial-of-service attacks by sending specially crafted DAAP...
CVE-2025-57155
NULL pointer dereference in the daapreplygroups function in src/httpddaap.c in owntone-server through commit 5e6f19a newer commit after version 28.2 allows remote attackers to cause a Denial of Service...
CVE-2025-63647
A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...
OwnTone security vulnerabilities
OwnTone is an open-source Linux/FreeBSD DAAP iTunes, MPD Music Player Daemon, and RSP Roku media server. OwnTone has a security vulnerability that stems from a null pointer dereferencing in the dacpreplyplayqueueeditmove function. This vulnerability could lead to denial-of-service attacks by...
OwnTone security vulnerabilities
OwnTone is an open-source Linux/FreeBSD DAAP iTunes, MPD Music Player Daemon, and RSP Roku media server. OwnTone has a security vulnerability that stems from a null pointer dereferencing in the daapreplygroups function, which may lead to a denial-of-service attack...
CVE-2025-57156
NULL pointer dereference in the dacpreplyplayqueueeditclear function in src/httpddacp.c in owntone-server through commit 6d604a1 newer commit after version 28.12 allows remote attackers to cause a Denial of Service crash...
CVE-2025-63648
A NULL pointer dereference in the dacpreplyplayqueueeditmove function src/httpddacp.c of owntone-server commit b7e385f allows attackers to cause a Denial of Service DoS via sending a crafted DACP request to the server...
CVE-2025-57156
NULL pointer dereference in the dacpreplyplayqueueeditclear function in src/httpddacp.c in owntone-server through commit 6d604a1 newer commit after version 28.12 allows remote attackers to cause a Denial of Service crash...
CVE-2025-57155
NULL pointer dereference in the daapreplygroups function in src/httpddaap.c in owntone-server through commit 5e6f19a newer commit after version 28.2 allows remote attackers to cause a Denial of Service...
OwnTone security vulnerabilities
OwnTone is an open-source Linux/FreeBSD DAAP iTunes, MPD Music Player Daemon, and RSP Roku media server. OwnTone has a security vulnerability that stems from a null pointer dereferencing in the dacpreplyplayqueueeditclear function, which may lead to a denial-of-service attack...
CVE-2025-63648
A NULL pointer dereference in the dacpreplyplayqueueeditmove function src/httpddacp.c of owntone-server commit b7e385f allows attackers to cause a Denial of Service DoS via sending a crafted DACP request to the server...
CVE-2025-57156
NULL pointer dereference in the dacpreplyplayqueueeditclear function in src/httpddacp.c in owntone-server through commit 6d604a1 newer commit after version 28.12 allows remote attackers to cause a Denial of Service crash...
PT-2026-3655
A NULL pointer dereference in the parse meta function src/httpd daap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...
CVE-2025-57155
NULL pointer dereference in the daapreplygroups function in src/httpddaap.c in owntone-server through commit 5e6f19a newer commit after version 28.2 allows remote attackers to cause a Denial of Service...
PT-2026-3656
A NULL pointer dereference in the dacp reply playqueueedit move function src/httpd dacp.c of owntone-server commit b7e385f allows attackers to cause a Denial of Service DoS via sending a crafted DACP request to the server...