SUSE CVE-2025-63647

A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

PT-2026-3655

A NULL pointer dereference in the parse meta function src/httpd daap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

CVE-2025-63647

A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

CVE-2025-63647

A NULL pointer dereference in the parsemeta function src/httpddaap.c of owntone-server commit 334beb allows attackers to cause a Denial of Service DoS via sending a crafted DAAP request to the server...

OwnTone security vulnerabilities

OwnTone is an open-source Linux/FreeBSD DAAP iTunes, MPD Music Player Daemon, and RSP Roku media server. OwnTone has a security vulnerability that stems from a null pointer dereferencing in the parsemeta function, which may lead to denial-of-service attacks by sending specially crafted DAAP...

CVE-2025-63647

A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server (commit 334beb) allows a crafted DAAP request to trigger a Denial of Service. The CVE-2025-63647 entry has a CVSS v3.1 base score of 7.5 (HIGH) with network attack vector and low complexity. Multiple vendor...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free in the parsemetaelementcreate function. An attacker can execute arbitrary code or cause a denial of service condition by causing the vulnerable application to process a malicious DICOM image. Remediation A fix was pushed...

Double Free

Overview Affected versions of this package are vulnerable to Double Free in the parsemetasequenceend function. An attacker can execute arbitrary code or cause a denial of service by causing the vulnerable application to process a malicious DICOM image. Remediation A fix was pushed into the master...

PT-2024-20563 · Libdicom · Libdicom

Name of the Vulnerable Software and Affected Versions: libdicom version 1.0.5 Description: A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom. This issue can be triggered by a specially crafted DICOM file, causing premature freeing o...

SUSE CVE-2020-27756

In ParseMetaGeometry of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses...

DEBIAN-CVE-2020-27756

In ParseMetaGeometry of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses...

UBUNTU-CVE-2020-27756

In ParseMetaGeometry of MagickCore/geometry.c, image height and width calculations can lead to divide-by-zero conditions which also lead to undefined behavior. This flaw can be triggered by a crafted input file processed by ImageMagick and could impact application availability. The patch uses...