8.1

CVE-2026-1767

Exploit

Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leading to denial of service or information disclosure via malformed mp3 id3 tags

A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length calculation during the parsing of performer tags can lead to a read beyond the allocated buffer, potentially causing a Denial of Service (DoS) due to a crash or enabling information disclosure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnomeLocalsearch Version-
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Version10.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.25% 0.155
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
patrick@puiterwijk.org 5.6 1.3 4.2
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
CWE-805 Buffer Access with Incorrect Length Value

The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.

https://access.redhat.com/security/cve/CVE-2026-1767
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2435983
Third Party Advisory
Exploit