CVE-2026-1767
5.6 MEDIUMA flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component
Published: 2026-06-16 · Last updated: 2026-06-16
Severity and scoring
- CVSS
- 5.6 MEDIUM
- Vector
- CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
- CWE
- CWE-805
Description
A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length calculation during the parsing of performer tags can lead to a read beyond the allocated buffer, potentially causing a Denial of Service (DoS) due to a crash or enabling information disclosure.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-1766 — A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 com... (5.6 MEDIUM)
- CVE-2026-12087 — Socket versions before 2.041 for Perl have an out-of-bounds heap read
- CVE-2026-34002 — A flaw was found in the X.Org X server (6.1 MEDIUM)