CVE-2023-47466

Опубликовано: 22 мая 2025

Источник: nvd

CVSS3: 2.9

CVSS3: 7.1

EPSS Низкий

Описание

TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.

Ссылки

https://github.com/taglib/taglib/commit/dfa33bec0806cbb45785accb8cc6c2048a7d40cf
Patch
https://github.com/taglib/taglib/compare/v1.13.1...v2.0
Patch
https://github.com/taglib/taglib/issues/1163
Exploit
Third Party Advisory
https://github.com/taglib/taglib/pull/1164
Patch
https://lists.debian.org/debian-lts-announce/2026/01/msg00022.html
https://github.com/taglib/taglib/issues/1163
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:taglib:taglib:*:*:*:*:*:*:*:*

Версия до 2.0 (исключая)

EPSS

Процентиль: 1%

0.00008

Низкий

2.9 Low

CVSS3

7.1 High

CVSS3

Дефекты

CWE-476

Связанные уязвимости

CVE-2023-47466

CVSS3: 2.9

ubuntu

9 месяцев назад

TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.

CVE-2023-47466

CVSS3: 2.5

redhat

9 месяцев назад

TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.

CVE-2023-47466

CVSS3: 2.9

debian

9 месяцев назад

TagLib before 2.0 allows a segmentation violation and application cras ...

SUSE-SU-2025:4501-1

suse-cvrf

около 2 месяцев назад

Security update for taglib

GHSA-63jr-j347-v237

CVSS3: 2.9

github

9 месяцев назад

TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.

EPSS

Процентиль: 1%

0.00008

Низкий

2.9 Low

CVSS3

7.1 High

CVSS3

Дефекты

CWE-476