rpm package
opensuse/owntone&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/owntone&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-63648 | — | < 29.0-2.1 | 29.0-2.1 | Jan 20, 2026 | A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server. | ||
| CVE-2021-38383 | — | < 28.2-1.2 | 28.2-1.2 | Aug 10, 2021 | OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c. |
- CVE-2025-63648Jan 20, 2026affected < 29.0-2.1fixed 29.0-2.1
A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server.
- CVE-2021-38383Aug 10, 2021affected < 28.2-1.2fixed 28.2-1.2
OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c.