By weakness (CWE)
CWE-193: related vulnerabilities
CVEs classified under CWE-193. Understanding the weakness class helps prioritize systemic fixes over one-off patches.
1 published vulnerability
- CVE-2026-49127HIGH 8.6
Music Player Daemon (MPD) versions before 0.24.11 contain a flaw in how they decode certain audio formats that allows an attacker to crash the service or potentially execute code. An attacker can send specially crafted commands pointing to a malicious audio file, causing the decoder to write more data than the buffer can hold. This overwrites adjacent memory with attacker-controlled data, destabilizing the daemon. No authentication is required—any network-accessible MPD instance is at risk.