Taglib: Security Vulnerabilities
TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.
CVSS Score
2.9
EPSS Score
0.0
Published
2025-05-22
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.
CVSS Score
6.5
EPSS Score
0.006
Published
2018-05-30
In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.
CVSS Score
8.8
EPSS Score
0.006
Published
2017-08-08