Vulnerability Description
TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Taglib | Taglib | < 2.0 |
Related Weaknesses (CWE)
References
- https://github.com/taglib/taglib/commit/dfa33bec0806cbb45785accb8cc6c2048a7d40cf (Patch)
- https://github.com/taglib/taglib/compare/v1.13.1...v2.0 (Patch)
- https://github.com/taglib/taglib/issues/1163 (Exploit, Third Party Advisory)
- https://github.com/taglib/taglib/pull/1164 (Patch)
- https://lists.debian.org/debian-lts-announce/2026/01/msg00022.html
FAQ
What is CVE-2023-47466?
CVE-2023-47466 is a vulnerability with a CVSS score of 2.9 (LOW). TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.
How severe is CVE-2023-47466?
CVE-2023-47466 has been rated LOW with a CVSS base score of 2.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-47466?
Check the references section above for vendor advisories and patch information. Affected products include: TagLib (versions before 2.0).