CVE-2023-47466

low-risk

Published 2025-05-22

TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.

Do I need to act?

0.02% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.9/10 Low

LOCAL / HIGH complexity

Affected Products (1)

Taglib

Affected Vendors

Taglib

References (6)

Patch https://github.com/taglib/taglib/commit/dfa33bec0806cbb45785accb8cc6c2048a7d40cf

Patch https://github.com/taglib/taglib/compare/v1.13.1...v2.0

Exploit https://github.com/taglib/taglib/issues/1163

Patch https://github.com/taglib/taglib/pull/1164

https://lists.debian.org/debian-lts-announce/2026/01/msg00022.html

Exploit https://github.com/taglib/taglib/issues/1163

/ 100

low-risk

Severity 8/34 · Low

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal