CNNVD-202601-847 Information

CNNVD ID

CNNVD-202601-847

Related CVE

CVE-2025-55204

• CNNVD Published: 2026-01-05

Description (Chinese)

muffon是Aleksey Shpakovsky个人开发者的一个音乐播放软件。 muffon 2.3.0之前版本存在代码注入漏洞，该漏洞源于特制muffon链接处理不当，可能导致远程代码执行。

Description (English)

Muffon is a music player for Aleksey Shpakovsky’s personal developer. The pre-muffon version 2.3.0 contains a code-injecting loophole, which stems from the inappropriate handling of specially designed muffon links, which may result in remote code implementation.

Hazard Level

Medium

Vulnerability Type

代码注入

Affected Vendor

个人开发者

Published

2026-01-05

Last Modified

2026-02-24

References

https://github.com/staniel359/muffon/security/advisories/GHSA-gc3f-gqph-522q https://github.com/staniel359/muffon/releases/tag/v2.3.0 https://drive.google.com/file/d/1eCPCQ6leuVM_vecfofFv04c0t9isCBqR/view?usp=sharing https://access.redhat.com/security/cve/cve-2025-55204

Patch

https://muffon.netlify.app/