Owntone: >> Owntone Server >> 28.9 Security Vulnerabilities
A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-01-20
NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash).
CVSS Score
7.5
EPSS Score
0.002
Published
2026-01-20