Firefly Media Server Webserver.C Multiple Format String Vulnerabilities

Firefly Media Server Webserver.C Multiple Format String Vulnerabilities

Firefly Media Server (formerly known as mt-daapd) is affected by multiple format-string vulnerabilities because the application fails to adequately sanitize user-supplied input before passing it as the format-specifier to a formatted-printing function.

Exploiting these issues can allow remote attackers to execute arbitrary code in the context of the application.

Versions prior to Firefly Media Server 0.2.4.1 are affected.