Volerion logoVolerion
Volerion logoVolerion

Owntone Server NULL Pointer Dereference Vulnerability in DACP Request Handling Allowing Denial-of-Service

Vulnerability

A NULL pointer dereference vulnerability has been identified in the Owntone Server within the 'dacp_reply_playqueueedit_move' function of 'src/httpd_dacp.c', specifically in commit 'b7e385f'. This vulnerability allows remote attackers to cause a denial-of-service condition by sending a crafted DACP request to the server. The issue arises when the 'edit-params' parameter is improperly formatted, leading to a segmentation fault.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a denial-of-service condition where the server crashes.

Reproduction

The vulnerability can be reproduced by sending a DACP request to the server's 'playqueue-edit' endpoint, with the 'command' parameter set to 'move' and the 'edit-params' parameter lacking a colon. This malformed request will trigger the NULL pointer dereference by causing the 'strchr' function to return NULL, which is then improperly handled, leading to a segmentation fault.

Remediation

This vulnerability has been fixed in commit '5f526c7a7e08c567a5c72421d74a79dafdd07621'.

Added: Jan 20, 2026, 9:25 PM
Updated: Jan 20, 2026, 9:25 PM

Vulnerability Rating

Custom Algorithm
spread
1.4
impact
2.5
exploitability
9.1
remediation
7.7
relevance
2.2
threat
6.4
urgency
2.9
incentive
8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.