DSA-1597 mt-daapd -- multiple vulnerabilitiesID: oval:org.mitre.oval:def:8291 | Date: (C)2009-12-15 (M)2021-06-02 |
Class: PATCH | Family: unix |
Three vulnerabilities have been discovered in the mt-daapd DAAP audio server (also known as the Firefly Media Server). The Common Vulnerabilities and Exposures project identifies the following three problems: Insufficient validation and bounds checking of the Authorization: HTTP header enables a heap buffer overflow, potentially enabling the execution of arbitrary code. Format string vulnerabilities in debug logging within the authentication of XML-RPC requests could enable the execution of arbitrary code. An integer overflow weakness in the handling of HTTP POST variables could allow a heap buffer overflow and potentially arbitrary code execution.