CVE-2025-57156 | owntone-server up to 28.12 src/httpd_dacp.c dacp_reply_playqueueedit_clear null pointer dereference (Issue 1907)

Inserito da Angelo Barbosa | Gen 20, 2026 | CVE

A vulnerability categorized as problematic has been discovered in owntone-server up to 28.12. Impacted is the function dacp_reply_playqueueedit_clear of the file src/httpd_dacp.c. Executing a manipulation can lead to null pointer dereference.

This vulnerability appears as CVE-2025-57156. The attack may be performed from remote. There is no available exploit.

It is advisable to implement a patch to correct this issue.

CVE-2025-57156 | owntone-server up to 28.12 src/httpd_dacp.c dacp_reply_playqueueedit_clear null pointer dereference (Issue 1907)

Post correlati

CVE-2023-48419 | Google Nest Mini 1.56.356012 WiFi privileges management

CVE-2024-23678 | Splunk Enterprise up to 9.0.7/9.1.2 on Windows deserialization (SVD-2024-0108)

CVE-2024-29392 | Silverpeas Core 6.3 ClipboardSessionController cross site scripting

CVE-2024-26491 | Media Gallery with Description Module 2.33 Gallery name cross site scripting