CVE-2023-47466 | THREATINT

Description

TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.

PUBLISHED Reserved 2023-11-06 | Published 2025-05-22 | Updated 2026-01-24 | Assigner mitre

LOW: 2.9CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-476 NULL Pointer Dereference

Product status

Default status

unaffected

Any version before 2.0

affected

References

github.com/taglib/taglib/issues/1163 exploit

lists.debian.org/debian-lts-announce/2026/01/msg00022.html

github.com/taglib/taglib/issues/1163

github.com/taglib/taglib/pull/1164

github.com/taglib/taglib/compare/v1.13.1...v2.0

github.com/...ommit/dfa33bec0806cbb45785accb8cc6c2048a7d40cf

cve.org (CVE-2023-47466)

nvd.nist.gov (CVE-2023-47466)

Download JSON