Vulnerability Details CVE-2025-57156
NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash).
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.7%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2025-57156
-
cpe:2.3:a:owntone_project:owntone:-
-
cpe:2.3:a:owntone_project:owntone:0.10
-
cpe:2.3:a:owntone_project:owntone:0.11
-
cpe:2.3:a:owntone_project:owntone:0.12
-
cpe:2.3:a:owntone_project:owntone:0.19
-
cpe:2.3:a:owntone_project:owntone:20.0
-
cpe:2.3:a:owntone_project:owntone:21.0
-
cpe:2.3:a:owntone_project:owntone:22.0
-
cpe:2.3:a:owntone_project:owntone:22.1
-
cpe:2.3:a:owntone_project:owntone:22.2
-
cpe:2.3:a:owntone_project:owntone:22.3
-
cpe:2.3:a:owntone_project:owntone:23.0
-
cpe:2.3:a:owntone_project:owntone:23.1
-
cpe:2.3:a:owntone_project:owntone:23.2
-
cpe:2.3:a:owntone_project:owntone:23.3
-
cpe:2.3:a:owntone_project:owntone:23.4
-
cpe:2.3:a:owntone_project:owntone:24.0
-
cpe:2.3:a:owntone_project:owntone:24.1
-
cpe:2.3:a:owntone_project:owntone:24.2
-
cpe:2.3:a:owntone_project:owntone:25.0
-
cpe:2.3:a:owntone_project:owntone:26.0
-
cpe:2.3:a:owntone_project:owntone:26.1
-
cpe:2.3:a:owntone_project:owntone:26.2
-
cpe:2.3:a:owntone_project:owntone:26.3
-
cpe:2.3:a:owntone_project:owntone:26.4
-
cpe:2.3:a:owntone_project:owntone:26.5
-
cpe:2.3:a:owntone_project:owntone:27.0
-
cpe:2.3:a:owntone_project:owntone:27.1
-
cpe:2.3:a:owntone_project:owntone:27.2
-
cpe:2.3:a:owntone_project:owntone:27.3
-
cpe:2.3:a:owntone_project:owntone:27.4
-
cpe:2.3:a:owntone_project:owntone:28.0
-
cpe:2.3:a:owntone_project:owntone:28.1