TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.
[
{
"id": "CVE-2023-47466-ac5dda3e",
"target": {
"file": "taglib/riff/rifffile.cpp"
},
"signature_version": "v1",
"source": "https://github.com/taglib/taglib/commit/dfa33bec0806cbb45785accb8cc6c2048a7d40cf",
"signature_type": "Line",
"digest": {
"line_hashes": [
"320438976109958051302946202882709900145",
"115644597826481197946690216376375158721",
"91930021490704563653576514821066833916",
"103224831332438296792971282864585741788"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "CVE-2023-47466-b7fa9c64",
"target": {
"file": "tests/test_wav.cpp"
},
"signature_version": "v1",
"source": "https://github.com/taglib/taglib/commit/dfa33bec0806cbb45785accb8cc6c2048a7d40cf",
"signature_type": "Line",
"digest": {
"line_hashes": [
"124607960067516126778590029833007957722",
"122549017952609444267967532894449737803",
"113654578064859875193113650691045258419",
"325174032710579554971238864356537793411",
"12514264618112778736723863820381634024",
"199434071464159201647024344237948992333"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "CVE-2023-47466-f49c2297",
"target": {
"function": "RIFF::File::updateGlobalSize",
"file": "taglib/riff/rifffile.cpp"
},
"signature_version": "v1",
"source": "https://github.com/taglib/taglib/commit/dfa33bec0806cbb45785accb8cc6c2048a7d40cf",
"signature_type": "Function",
"digest": {
"function_hash": "126611307555410625025901688885943692770",
"length": 371.0
},
"deprecated": false
}
]
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-47466.json"
"2026-04-12T06:44:53Z"