CVE-2025-44560: Owntone Mpd Tag Newline Injection
Database-derived ID3 tag value (artist / album_artist / artist_sort / album_artist_sort / album / title / genre) is written into a newline-delimited MPD response via evbuffer_add_printf without sanitizing embedded newline characters. A media file with a crafted tag containing '\n' will inject extra MPD response lines and corrupt the line-based protocol frami
greprules fetch cve-2025-44560-owntone-mpd-tag-newline-injection --engine opengrepDescription
Database-derived ID3 tag value (artist / album_artist / artist_sort / album_artist_sort / album / title / genre) is written into a newline-delimited MPD response via evbuffer_add_printf without sanitizing embedded newline characters. A media file with a crafted tag containing '\n' will inject extra MPD response lines and corrupt the line-based protocol frami
Detection target
Not provided
Recommended fix
Not provided
False-positive notes
Not provided
Community feedback
Sign in to report false positives, mark this rule useful, or suggest metadata improvements.