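This page aggregates CVE and security vulnerability information across owntone-related products, listing CVSS, EPSS, publication dates, and vulnerability data.
Past issues mainly concern memory corruption and denial of service; some lead to application crashes and affect production workloads and software deployments.
The listed data is based on public vulnerability information and security advisories, and can be used to assess past exposure and remediation priority.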
| CVE | Summary | Source | Max CVSS | EPSS (%) | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-63648 | A NULL pointer dereference in the dacp_reply_playqueueedit_move function (src/httpd_dacp.c) of owntone-server commit b7e385f allows attackers to cause a Denial of Service (DoS) via sending a crafted DACP request to the server. | [email protected] | 7.5 | 0.05% | 2026-01-20 | 2026-02-13 |
| CVE-2025-63647 | A NULL pointer dereference in the parse_meta function (src/httpd_daap.c) of owntone-server commit 334beb allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server. | [email protected] | 7.5 | 0.05% | 2026-01-20 | 2026-02-13 |
| CVE-2025-57156 | NULL pointer dereference in the dacp_reply_playqueueedit_clear function in src/httpd_dacp.c in owntone-server through commit 6d604a1 (newer commit after version 28.12) allows remote attackers to cause a Denial of Service (crash). | [email protected] | 7.5 | 0.39% | 2026-01-20 | 2026-02-13 |
| CVE-2025-57155 | NULL pointer dereference in the daap_reply_groups function in src/httpd_daap.c in owntone-server through commit 5e6f19a (newer commit after version 28.2) allows remote attackers to cause a Denial of Service. | [email protected] | 7.5 | 0.25% | 2026-01-20 | 2026-02-13 |
| CVE-2021-38383 | OwnTone (aka owntone-server) through 28.1 has a use-after-free in net_bind() in misc.c. | [email protected] | 9.8 | 0.51% | 2021-08-10 | 2026-02-13 |