CVE-2025-63647 | owntone-server DAAP Request src/httpd_daap.c parse_meta null pointer dereference

Inserito da Angelo Barbosa | Gen 20, 2026 | CVE

A vulnerability identified as problematic has been detected in owntone-server. The affected element is the function parse_meta of the file src/httpd_daap.c of the component DAAP Request Handler. The manipulation leads to null pointer dereference.

This vulnerability is traded as CVE-2025-63647. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Applying a patch is the recommended action to fix this issue.

CVE-2025-63647 | owntone-server DAAP Request src/httpd_daap.c parse_meta null pointer dereference

Post correlati

CVE-2025-13181 | pojoin h3blog 1.0 /admin/cms/material/add Name cross site scripting

CVE-2023-49343 | budgie-dropby symlink

CVE-2023-7050 | PHPGurukul Online Notes Sharing System 1.0 user/profile.php name/email cross site scripting

CVE-2024-0279 | Kashipara Food Management System up to 1.0 item_list_edit.php id sql injection