| Package | taglib |
|---|---|
| Version | 1.11.1+dfsg.1-0.3+deb9u2 (stretch), 1.11.1+dfsg.1-0.3+deb10u2 (buster) |
| Related CVEs | CVE-2023-47466 |
An issues has been found in taglib, an audio meta-data library. The issue is related to a segmentation violation and a resulting application crash due to processing a crafted WAV file in which an id3 chunk is the only valid chunk.
For Debian 10 buster, these problems have been fixed in version 1.11.1+dfsg.1-0.3+deb10u2.
For Debian 9 stretch, these problems have been fixed in version 1.11.1+dfsg.1-0.3+deb9u2.
We recommend that you upgrade your taglib packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.