Readymedia Project: >> Readymedia >> 1.1.5 Security Vulnerabilities
A DNS rebinding issue in ReadyMedia (formerly MiniDLNA) before 1.3.1 allows a remote web server to exfiltrate media files.
CVSS Score
7.4
EPSS Score
0.002
Published
2022-03-06
ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove.
CVSS Score
9.8
EPSS Score
0.653
Published
2020-11-30