CVE-2023-47466

Published: 5/22/2025 Last updated: 5/22/2025 Reserved: 11/6/2023

TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	2.9	Low	CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Opam packages affected (3)

conf-taglib conf-taglib_c taglib

Products affected (1)

Product	Vendor	Version
TagLib	TagLib	n/a

References (5)

https://github.com/taglib/taglib/issues/1163
https://github.com/taglib/taglib/pull/1164
https://github.com/taglib/taglib/compare/v1.13.1...v2.0
https://github.com/taglib/taglib/commit/dfa33bec0806cbb45785accb8cc6c2048a7d40cf
https://github.com/taglib/taglib/issues/1163