


Perceptive Security
SOC/SIEM Consultancy

Music Player Daemon (MPD) before version 0.24.11 contains a stack buffer overflow vulnerability in the pcm_unpack_24be function in src/pcm/Pack.cxx that allows …
Published:
27 May 2026 at 22:00:00
Alert date:
28 May 2026 at 21:01:38
Source:
nvd.nist.gov
Web Technologies, Enterprise Applications
Music Player Daemon (MPD) before version 0.24.11 contains a critical stack buffer overflow vulnerability in the pcm_unpack_24be function. The vulnerability allows unauthenticated attackers to corrupt stack memory through an off-by-one write in the PCM decoder plugin. Attackers can exploit this by issuing two MPD commands referencing a malicious HTTP audio source, causing the unpack loop to write 1366 entries into a 1365-entry buffer. This overwrites four bytes past the array boundary with three attacker-controlled bytes from an HTTP response body. The exploitation can result in daemon termination or potential code execution, making this a high-severity vulnerability affecting audio streaming infrastructure.
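One defensive pattern for the condition described above (an unpack loop writing 1366 entries into a 1365-entry buffer) is to clamp the sample count to both the input length and the destination capacity. The code below is an added illustration, not MPD's code or its actual fix; the function names and the input bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

#define DEST_ENTRIES 1365 /* destination size quoted in the advisory */

/* Sign-extend one 24-bit big-endian sample to 32 bits (portable form). */
static int32_t read_s24be(const uint8_t *p)
{
    uint32_t v = ((uint32_t)p[0] << 16) | ((uint32_t)p[1] << 8) | p[2];
    return (int32_t)(v ^ 0x800000u) - 0x800000;
}

/* Hypothetical bounded unpack: writes at most dest_cap samples and only
 * whole 3-byte samples from src. Returns the number of entries written. */
size_t unpack_24be_bounded(int32_t *dest, size_t dest_cap,
                           const uint8_t *src, size_t src_len)
{
    size_t n = src_len / 3;   /* a trailing partial sample is dropped */
    if (n > dest_cap)
        n = dest_cap;         /* never exceed the destination array */
    for (size_t i = 0; i < n; i++)
        dest[i] = read_s24be(src + 3 * i);
    return n;
}

/* Constructed case: 1366 samples of input against a 1365-entry buffer.
 * A canary word sits where entry 1366 would land. Returns 1 when exactly
 * 1365 entries were written and the canary is untouched. */
int demo_oversized_input(void)
{
    static uint8_t src[(DEST_ENTRIES + 1) * 3];
    int32_t dest[DEST_ENTRIES + 1];
    const int32_t canary = 0x5A5A5A5A;

    for (size_t i = 0; i < sizeof(src); i++)
        src[i] = 0xFF;        /* every sample decodes to -1 */
    dest[DEST_ENTRIES] = canary;

    size_t n = unpack_24be_bounded(dest, DEST_ENTRIES, src, sizeof(src));
    return n == DEST_ENTRIES && dest[0] == -1 &&
           dest[DEST_ENTRIES - 1] == -1 && dest[DEST_ENTRIES] == canary;
}

int main(void)
{
    return demo_oversized_input() ? 0 : 1;
}
```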
Technical details
Mitigation steps:
Affected products:
Music Player Daemon (MPD)
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-49127
https://github.com/MusicPlayerDaemon/MPD/commit/59911028c020f84bc2e669da6a1ef88121301274
https://github.com/MusicPlayerDaemon/MPD/issues/2485
https://github.com/MusicPlayerDaemon/MPD/releases/tag/v0.24.11
https://raw.githubusercontent.com/MusicPlayerDaemon/MPD/v0.24.11/NEWS
https://www.musicpd.org/news/2026/05/mpd-0-24-11-released/
https://www.vulncheck.com/advisories/music-player-daemon-stack-buffer-overflow-via-pcm-unpack-24be
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
