CVE-2026-32889

A flaw was found in tinytag, a Python library for reading audio file metadata. An attacker who can supply specially crafted MP3 files for parsing can trigger a non-terminating loop within the library. This can cause the parsing operation to stop making progress, leading to a Denial of Service DoS...

kaithem (=0.95.0) potentially affected by CVE-2026-32889 via tinytag (=2.2.0)

tinytag PYPI version =2.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on tinytag and may be impacted: - kaithem =0.95.0 Source cves: CVE-2026-32889 Source advisory: SNYK:PYTHON-TINYTAG-15763573...

Infinite loop

Overview tinytag is a Read audio file metadata Affected versions of this package are vulnerable to Infinite loop via a non-terminating SYLT frame parsing loop. An attacker can cause the application to become unresponsive by supplying a specially crafted MP3 file containing a SYLT frame without a...

CVE-2026-32889

tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...

CVE-2026-32889

Tinytag (Python) version 2.2.0 is affected by a Denial of Service via a non-terminating SYLT frame parsing loop when processing attacker-supplied MP3s. The root cause is in _parse_synced_lyrics/_find_string_end_pos where an absent string terminator can cause the parser to reset its offset and nev...

CVE-2026-32889 tinytag: Denial of Service via non-terminating SYLT frame parsing loop

tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...

CVE-2026-32889 tinytag: Denial of Service via non-terminating SYLT frame parsing loop

tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...

CVE-2026-32889

tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...

CVE-2026-32889 tinytag: Denial of Service via non-terminating SYLT frame parsing loop

tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse...

tinytag 安全漏洞

Tinytag is a Python library developed by Tinytag that reads metadata from audio files. Version 2.2.0 of Tinytag contains a security vulnerability. This vulnerability stems from an incorrect assumption during the parsing of ID3v2 SYLT frames, which may lead to non-terminating loops and cause...

Denial of service via non-terminating SYLT frame parsing loop in tinytag

Summary tinytag 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse attacker-supplied files, a single 498-byte MP3 can cause the parsin...

GHSA-F4RQ-2259-HV29 Denial of service via non-terminating SYLT frame parsing loop in tinytag

Summary tinytag 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-side deployments that automatically parse attacker-supplied files, a single 498-byte MP3 can cause the parsin...

CVE-2026-32889

creationtimestamp| type| source ---|---|--- 2026-03-19 16:10:20+00:00| published-proof-of-concept| https://github.com/tinytag/tinytag/security/advisories/GHSA-f4rq-2259-hv29...

PT-2026-26463

Name of the Vulnerable Software and Affected Versions tinytag versions 2.2.0 Description tinytag version 2.2.0 contains an issue where an attacker who can supply MP3 files for parsing can trigger a non-terminating loop while the library parses an ID3v2 SYLT synchronized lyrics frame. In server-si...