6.1
CVE-2026-1766
- EPSS 0.16%
- Veröffentlicht 16.06.2026 00:34:39
- Zuletzt bearbeitet 16.06.2026 20:27:50
- Quelle patrick@puiterwijk.org
- CVE-Watchlists
- Unerledigt
Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and information disclosure via malformed mp3 files.
A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM (Comment) tags. An attacker could exploit this by providing a malicious MP3 file, leading to a denial of service (DoS), which causes an application crash, and potentially disclosing sensitive information from the heap memory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gnome ≫ Localsearch Version-
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.053 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.1 | 1.8 | 4.2 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
|
| patrick@puiterwijk.org | 5.6 | 1.3 | 4.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
|
CWE-805 Buffer Access with Incorrect Length Value
The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.
https://access.redhat.com/security/cve/CVE-2026-1766
https://bugzilla.redhat.com/show_bug.cgi?id=2435982