CNNVD-202602-538 Information
CNNVD ID
CNNVD-202602-538
Related CVE
-
CNNVD Published: 2026-02-04
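Description (translated from Chinese)
Navidrome is an open-source, web-based music collection server and streamer from Navidrome. It is used to listen freely to a music collection from any browser or mobile device. Navidrome versions before 0.60.0 contain a security vulnerability that stems from attempting to create an oversized image when handling an excessively large size parameter, which can lead to memory exhaustion, service disruption, and disk space exhaustion.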
Description (English)
Navidrome is an open-source, web-based music collection server and streamer. It allows listening to a music collection freely from any browser or mobile device. Versions of Navidrome before 0.60.0 have a security vulnerability that arises from attempting to create oversized images when handling an overly large size parameter, which could lead to memory exhaustion, service disruption, and disk space exhaustion.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Navidrome
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/navidrome/navidrome/releases/tag/v0.60.0
https://github.com/navidrome/navidrome/security/advisories/GHSA-hrr4-3wgr-68x3
Patch
https://github.com/navidrome/navidrome/releases