CVE-2026-49127 | MusicPlayerDaemon MPD up to 0.24.10 PCM Decoder src/pcm/Pack.cxx pcm_unpack_24be off-by-one (News 2485)

A vulnerability marked as critical has been reported in MusicPlayerDaemon MPD up to 0.24.10. The affected element is the function pcm_unpack_24be of the file src/pcm/Pack.cxx of the component PCM Decoder. Performing a manipulation results in off-by-one.

This vulnerability is reported as CVE-2026-49127. The attack is possible to be carried out remotely. No exploit exists.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More