Out-of-bounds Read The advisory has been revoked - it doesn't affect any version of package taglib  (opens in a new tab)


Threat Intelligence

EPSS
2.85% (85th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Out-of-bounds Read vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-CONAN-TAGLIB-10078366
  • published8 May 2025
  • disclosed30 May 2018
  • creditUnknown

Introduced: 30 May 2018

CVE-2018-11439  (opens in a new tab)
CWE-125  (opens in a new tab)

Amendment

This was deemed not a vulnerability.

Overview

Affected versions of this package are vulnerable to Out-of-bounds Read. The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.