CVE-2026-49127 | MusicPlayerDaemon MPD up to 0.24.10 PCM Decoder src/pcm/Pack.cxx pcm_unpack_24be off-by-one (News 2485)

Inserito da Angelo Barbosa | Mag 28, 2026 | CVE

A vulnerability marked as critical has been reported in MusicPlayerDaemon MPD up to 0.24.10. The affected element is the function pcm_unpack_24be of the file src/pcm/Pack.cxx of the component PCM Decoder. Performing a manipulation results in off-by-one.

This vulnerability is reported as CVE-2026-49127. The attack is possible to be carried out remotely. No exploit exists.

It is suggested to upgrade the affected component.

CVE-2026-49127 | MusicPlayerDaemon MPD up to 0.24.10 PCM Decoder src/pcm/Pack.cxx pcm_unpack_24be off-by-one (News 2485)

Post correlati

CVE-2024-33955 | Theme Freesia Freesia Empire Plugin up to 1.4.1 on WordPress cross site scripting

CVE-2025-53816 | ipavlov 7-Zip up to 24.x RAR5 heap-based overflow (GHSL-2025-058)

CVE-2024-25103 | CDAC AppSamvid up to 2.0.1 untrusted search path (CIVN-2024-0081)

CVE-2024-31343 | Sonaar Music MP3 Audio Player for Music, Radio & Podcast Plugin authorization