In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted audio file. Upstream patch: https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6
Created mingw-taglib tracking bugs for this issue: Affects: fedora-all [bug 1483961] Created taglib tracking bugs for this issue: Affects: fedora-all [bug 1483960]