Skip to main content

Taglib

6 CVEs product

Monthly

CVE-2023-47466 LOW POC PATCH Monitor

TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available.

Null Pointer Dereference Denial Of Service Taglib
NVD GitHub
CVSS 3.1
2.9
EPSS
0.0%
CVE-2018-11439 MEDIUM POC This Month

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Taglib Debian Linux
NVD
CVSS 3.1
6.5
EPSS
2.8%
CVE-2017-12678 HIGH PATCH This Week

In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Denial Of Service File Upload Taglib Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2012-1584 MEDIUM POC PATCH This Month

Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Taglib
NVD GitHub
CVSS 2.0
4.3
EPSS
2.8%
CVE-2012-1108 MEDIUM POC PATCH This Month

The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Taglib
NVD GitHub
CVSS 2.0
4.3
EPSS
4.0%
CVE-2012-1107 MEDIUM POC PATCH This Month

The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Taglib
NVD GitHub
CVSS 2.0
4.3
EPSS
2.9%
EPSS 0% CVSS 2.9
LOW POC PATCH Monitor

TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available.

Null Pointer Dereference Denial Of Service Taglib
NVD GitHub
EPSS 3% CVSS 6.5
MEDIUM POC This Month

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Buffer Overflow Taglib +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Denial Of Service File Upload Taglib +1
NVD GitHub
EPSS 3% CVSS 4.3
MEDIUM POC PATCH This Month

Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Taglib
NVD GitHub
EPSS 4% CVSS 4.3
MEDIUM POC PATCH This Month

The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Taglib
NVD GitHub
EPSS 3% CVSS 4.3
MEDIUM POC PATCH This Month

The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Denial Of Service Taglib
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy