By weakness (CWE)

CWE-193: related vulnerabilities

CVEs classified under CWE-193. Understanding the weakness class helps prioritize systemic fixes over one-off patches.

1 published vulnerability

  • CVE-2026-49127HIGH 8.6

    Music Player Daemon (MPD) versions before 0.24.11 contain a flaw in how they decode certain audio formats that allows an attacker to crash the service or potentially execute code. An attacker can send specially crafted commands pointing to a malicious audio file, causing the decoder to write more data than the buffer can hold. This overwrites adjacent memory with attacker-controlled data, destabilizing the daemon. No authentication is required—any network-accessible MPD instance is at risk.