CVE-2023-47466

Name

CVE-2023-47466

Description

TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
cve@mitre.org	https://github.com/taglib/taglib/commit/dfa33bec0806cbb45785accb8cc6c2048a7d40cf
cve@mitre.org	https://github.com/taglib/taglib/compare/v1.13.1...v2.0
cve@mitre.org	https://github.com/taglib/taglib/issues/1163
cve@mitre.org	https://github.com/taglib/taglib/pull/1164

Match rules

CPE URI	Source package	Min version	Max version
	taglib	>= 0	< 2.0
`cpe:2.3:a:taglib:taglib::::::::`	taglib	>= None	< 2.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
taglib	edge-community	1.13.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
taglib	3.22-community	1.13.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable