Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

taglib vulnerabilities and exploits

(subscribe to this query)
4.3
CVSSv2

CVE-2012-1584

Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and previous versions allows context-dependent malicious users to cause a denial of service (application crash) via a crafted file header field in a media file, which triggers a large memory allocation.
Scott Wheeler TaglibScott Wheeler Taglib 1.0Scott Wheeler Taglib 1.1Scott Wheeler Taglib 1.2Scott Wheeler Taglib 1.3Scott Wheeler Taglib 1.3.1Scott Wheeler Taglib 1.4Scott Wheeler Taglib 1.5Scott Wheeler Taglib 1.6Scott Wheeler Taglib 1.6.1Scott Wheeler Taglib 1.6.2Scott Wheeler Taglib 1.6.3
4.3
CVSSv2

CVE-2012-1107

The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and previous versions allows context-dependent malicious users to cause a denial of service (application crash) via a crafted sampleRate in an ape file, which triggers a divide-by-zero error.
Scott Wheeler TaglibScott Wheeler Taglib 1.0Scott Wheeler Taglib 1.1Scott Wheeler Taglib 1.2Scott Wheeler Taglib 1.3Scott Wheeler Taglib 1.3.1Scott Wheeler Taglib 1.4Scott Wheeler Taglib 1.5Scott Wheeler Taglib 1.6Scott Wheeler Taglib 1.6.1Scott Wheeler Taglib 1.6.2Scott Wheeler Taglib 1.6.3
4.3
CVSSv2

CVE-2012-1108

The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and previous versions allows remote malicious users to cause a denial of service (crash) via a crafted vendorLength field in an ogg file.
Scott Wheeler TaglibScott Wheeler Taglib 1.0Scott Wheeler Taglib 1.1Scott Wheeler Taglib 1.2Scott Wheeler Taglib 1.3Scott Wheeler Taglib 1.3.1Scott Wheeler Taglib 1.4Scott Wheeler Taglib 1.5Scott Wheeler Taglib 1.6Scott Wheeler Taglib 1.6.1Scott Wheeler Taglib 1.6.2Scott Wheeler Taglib 1.6.3
8.8
CVSSv3

CVE-2017-12678

In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote malicious users to cause a denial of service or possibly have unspecified other impact via a crafted audio file.
Taglib Taglib 1.11.1Debian Debian Linux 9.0
6.5
CVSSv3

CVE-2018-11439

The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote malicious users to cause information disclosure (heap-based buffer over-read) via a crafted audio file.
Taglib Taglib 1.11.1Debian Debian Linux 8.0Debian Debian Linux 9.0
2.9
CVSSv3

CVE-2023-47466

TagLib prior to 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.
Taglib Taglib
6.1
CVSSv3

CVE-2019-16147

Liferay Portal up to and including 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib.
Liferay Liferay PortalLiferay Liferay Portal 7.2.0
6.1
CVSSv3

CVE-2021-35463

Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote malicious users to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter.
Liferay Liferay Portal 7.4.0
6.1
CVSSv3

CVE-2022-42117

A Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.3.2 up to and including 7.4.3.16, and Liferay DXP 7.3 before update 6, and 7.4 before update 17 allows remote malicious users to inject arbitrary web script or HTML.
Liferay DxpLiferay Dxp 7.3Liferay Dxp 7.4Liferay Liferay Portal
5
CVSSv2

CVE-2010-2937

The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in VideoLAN VLC media player 0.9.0 up to and including 1.1.2 does not properly process ID3v2 tags, which allows remote malicious users to cause a denial of service (application crash) via a crafted media file.
Videolan Vlc Media Player 0.9.0Videolan Vlc Media Player 0.9.1Videolan Vlc Media Player 0.9.2Videolan Vlc Media Player 0.9.3Videolan Vlc Media Player 0.9.4Videolan Vlc Media Player 0.9.5Videolan Vlc Media Player 0.9.6Videolan Vlc Media Player 0.9.7Videolan Vlc Media Player 0.9.8aVideolan Vlc Media Player 0.9.9Videolan Vlc Media Player 0.9.9aVideolan Vlc Media Player 0.9.10
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-4278updatenavifujitsu client computing limitedCVE-2025-32465CVE-2025-49184ibmCVE-2025-4275file uploadCVE-2025-33073sick agfile inclusionCVE-2025-26383unspecified
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook