The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file.
Gentoo Linux Security Advisory 201206-16 - Multiple vulnerabilities have been found in TagLib, possibly resulting in Denial of Service. Versions less than 1.7.1 are affected.