Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2026-32889
Analyzed
More InfoOfficial Page
Source-security-advisories@github.com
View Known Exploited Vulnerability (KEV) details
Published At-20 Mar, 2026 | 03:15
Updated At-30 Mar, 2026 | 14:52

tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT (synchronized lyrics) frame. In server-side deployments that automatically parse attacker-supplied files, a single 498-byte MP3 can cause the parsing operation to stop making progress and remain busy until the worker or process is terminated. The root cause is that _parse_synced_lyrics assumes _find_string_end_pos always returns a position greater than the current offset. That assumption is false when no string terminator is present in the remaining frame content. This issue has been fixed in version 2.2.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CPE Matches
tinytag_project
tinytag_project
>>tinytag>>2.2.0
cpe:2.3:a:tinytag_project:tinytag:2.2.0:*:*:*:*:python:*:*
Weaknesses
CWE IDTypeSource
CWE-835Primarysecurity-advisories@github.com
CWE ID: CWE-835
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/tinytag/tinytag/commit/44e496310f7ced8077e9087e3774acbaa324b18asecurity-advisories@github.com
Patch
https://github.com/tinytag/tinytag/commit/4d649b9c314ada8ff8a74e0469e9aadb3acb252asecurity-advisories@github.com
Patch
https://github.com/tinytag/tinytag/commit/5cd321521ff097e41724b601d7e3d7adc7e53402security-advisories@github.com
Patch
https://github.com/tinytag/tinytag/security/advisories/GHSA-f4rq-2259-hv29security-advisories@github.com
Exploit
Patch
Vendor Advisory
Hyperlink: https://github.com/tinytag/tinytag/commit/44e496310f7ced8077e9087e3774acbaa324b18a
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/tinytag/tinytag/commit/4d649b9c314ada8ff8a74e0469e9aadb3acb252a
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/tinytag/tinytag/commit/5cd321521ff097e41724b601d7e3d7adc7e53402
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/tinytag/tinytag/security/advisories/GHSA-f4rq-2259-hv29
Source: security-advisories@github.com
Resource:
Exploit
Patch
Vendor Advisory
Change History
0Changes found
Details not found