CVE-2022-48363

Name of the Vulnerable Software and Affected Versions MPD versions prior to 0.23.8

Description The issue arises from the PipeWire output plugin mishandling a Drain call in certain situations involving truncated files, leading to an assertion failure in libmpdclient due to libqtappfw passing in a NULL pointer.

Recommendations For versions prior to 0.23.8, update to version 0.23.8 or later to resolve the issue. As a temporary workaround, consider restricting the use of the PipeWire output plugin until a patch is available.