Owntone Server

4 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-63648 HIGH PATCH This Week

A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server. [CVSS 7.5 HIGH]

Null Pointer Dereference Denial Of Service Owntone Server Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-63647 HIGH POC PATCH This Week

A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server. [CVSS 7.5 HIGH]

Null Pointer Dereference Denial Of Service Owntone Server Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-57156 HIGH POC PATCH This Week

NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash). [CVSS 7.5 HIGH]

Null Pointer Dereference Denial Of Service Owntone Server Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-57155 HIGH PATCH This Week

NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service. [CVSS 7.5 HIGH]

Null Pointer Dereference Denial Of Service Owntone Server Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-63648
EPSS 0% CVSS 7.5
HIGH PATCH This Week

A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server. [CVSS 7.5 HIGH]

Null Pointer Dereference Denial Of Service Owntone Server +1
NVD GitHub
CVE-2025-63647
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server. [CVSS 7.5 HIGH]

Null Pointer Dereference Denial Of Service Owntone Server +1
NVD GitHub
CVE-2025-57156
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash). [CVSS 7.5 HIGH]

Null Pointer Dereference Denial Of Service Owntone Server +1
NVD GitHub
CVE-2025-57155
EPSS 0% CVSS 7.5
HIGH PATCH This Week

NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service. [CVSS 7.5 HIGH]

Null Pointer Dereference Denial Of Service Owntone Server +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy