CVE-2025-63648 | owntone-server DACP Request src/httpd_dacp.c dacp_reply_playqueueedit_move null pointer dereference (Issue 1933)

Inserito da Angelo Barbosa | Gen 20, 2026 | CVE

A vulnerability was found in owntone-server. It has been rated as problematic. This issue affects the function dacp_reply_playqueueedit_move of the file src/httpd_dacp.c of the component DACP Request Handler. Performing a manipulation results in null pointer dereference.

This vulnerability is reported as CVE-2025-63648. The attack is possible to be carried out remotely. No exploit exists.

To fix this issue, it is recommended to deploy a patch.

CVE-2025-63648 | owntone-server DACP Request src/httpd_dacp.c dacp_reply_playqueueedit_move null pointer dereference (Issue 1933)

Post correlati

CVE-2025-6017 | Red Hat Advanced Cluster Management for Kubernetes 2 up to 2.12.4 UI exposure of private personal information to an unauthorized actor

CVE-2025-22245 | VMware NSX Router Port cross site scripting

CVE-2025-9047 | projectworlds Visitor Management System 1.0 /visitor_out.php rid sql injection

CVE-2025-41093 | Global Planning Solutions BOLD Workplanner up to 2.5.24 authorization