Taglib
CVE-2023-47466
LOW
Severity by source
AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Lifecycle Timeline
4DescriptionCVE.org
TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.
AnalysisAI
TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available.
Technical ContextAI
This vulnerability is classified as NULL Pointer Dereference (CWE-476), which allows attackers to crash the application by dereferencing a null pointer. TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk. Affected products include: Taglib. Version information: before 2.0.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Check pointers before dereferencing. Use static analysis tools to detect null pointer paths.
The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause informat
The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service
In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, whic
The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cau
Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attac
Same weakness CWE-476 – NULL Pointer Dereference
View allSame technique Null Pointer Dereference
View allShare
External POC / Exploit Code
Leaving vuln.today