TagLib · CVE-2017-12678
**Name of the Vulnerable Software and Affected Versions**
TagLib version 1.11.1
**Description**
The issue is in the `rebuildAggregateFrames` function of TagLib, a library used for reading and modifying metadata in audio files. This function has a vulnerability that allows unrestricted loading of dangerous file types. By exploiting it, a remote attacker can access confidential data, compromise the integrity of that data, and cause a denial of service. The vulnerability can be triggered via a crafted audio file.
**Recommendations**
For TagLib version 1.11.1, consider disabling the `rebuildAggregateFrames` function as a temporary workaround until a patch is available. Restrict access to the `id3v2framefactory.cpp` module to minimize the risk of exploitation. Until the issue is resolved, avoid opening audio files that may have been crafted to trigger the vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.