VYPR
Vendor

Taglib

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2017-12678HigAug 8, 2017
    risk 0.57cvss 8.8epss 0.02

    In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file.

  • CVE-2018-11439MedMay 30, 2018
    risk 0.42cvss 6.5epss 0.03

    The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.

  • CVE-2023-47466May 22, 2025
    risk 0.00cvss epss 0.00

    TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.

  • CVE-2012-1584Sep 6, 2012
    risk 0.00cvss epss 0.03

    Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation.

  • CVE-2012-1108Sep 6, 2012
    risk 0.00cvss epss 0.03

    The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file.

  • CVE-2012-1107Sep 6, 2012
    risk 0.00cvss epss 0.02

    The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which triggers a divide-by-zero error.