CVE-2025-63647 | owntone-server DAAP Request src/httpd_daap.c parse_meta null pointer dereference

Inserito da Angelo Barbosa | Gen 20, 2026 | CVE

A vulnerability identified as problematic has been detected in owntone-server. The affected element is the function parse_meta of the file src/httpd_daap.c of the component DAAP Request Handler. The manipulation leads to null pointer dereference.

This vulnerability is traded as CVE-2025-63647. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Applying a patch is the recommended action to fix this issue.

CVE-2025-63647 | owntone-server DAAP Request src/httpd_daap.c parse_meta null pointer dereference

Post correlati

CVE-2024-45517 | Zimbra Collaboration Suite up to 10.1 Webmail/Admin Panel /h/rest cross site scripting

CVE-2025-50124 | Schneider Electric EcoStruxure IT Data Center Expert privileges management (SEVD-2025-189-01)

CVE-2024-42783 | Kashipara Music Management System 1.0 manage_playlist_items.php pid sql injection

CVE-2024-9863 | miniOrange OTP Verification with Firebase Plugin up to 3.6.0 on WordPress Registration Privilege Escalation