TagLib Segmentation Violation Vulnerability in WAV File Tag Writing

A segmentation violation vulnerability has been identified in TagLib versions prior to 2.0. This issue occurs when writing tags to a crafted WAV file that contains only a valid ID3 chunk. The vulnerability leads to an application crash by causing a segmentation fault. The problem arises because the tag writing process removes the existing ID3 chunk, leaving the chunks vector empty. Subsequently, the application attempts to access the front of the empty vector, resulting in a crash.

Impact

Exploitation of this vulnerability causes a segmentation fault, leading to a crash of the application using the TagLib library. This disruption can affect the availability of software systems, libraries, and devices that rely on TagLib.

Reproduction

To reproduce this vulnerability, use the TagLib version through 1.13.1 and the TagWriter example application included with TagLib. The vulnerability can be triggered by writing a title tag to a specially crafted WAV file that has the ID3 chunk as its only valid chunk. This operation will cause the application to crash due to the segmentation fault.

Remediation

Users can upgrade to TagLib version 2.0 or later, where this vulnerability has been fixed.