CVE-2026-1766
5.6 MEDIUMA flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 com...
Published: 2026-06-16 · Last updated: 2026-06-16
Severity and scoring
- CVSS
- 5.6 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
- CWE
- CWE-805
Description
A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM (Comment) tags. An attacker could exploit this by providing a malicious MP3 file, leading to a denial of service (DoS), which causes an application crash, and potentially disclosing sensitive information from the heap memory.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-1767 — A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component (5.6 MEDIUM)
- CVE-2026-12087 — Socket versions before 2.041 for Perl have an out-of-bounds heap read
- CVE-2026-34002 — A flaw was found in the X.Org X server (6.1 MEDIUM)