8.1
CVE-2026-1767
- EPSS 0.25%
- Veröffentlicht 16.06.2026 00:34:48
- Zuletzt bearbeitet 16.06.2026 20:29:22
- Quelle patrick@puiterwijk.org
- CVE-Watchlists
- Unerledigt
Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leading to denial of service or information disclosure via malformed mp3 id3 tags
A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length calculation during the parsing of performer tags can lead to a read beyond the allocated buffer, potentially causing a Denial of Service (DoS) due to a crash or enabling information disclosure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Gnome ≫ Localsearch Version-
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Version10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.25% | 0.155 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
|
| patrick@puiterwijk.org | 5.6 | 1.3 | 4.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
|
CWE-805 Buffer Access with Incorrect Length Value
The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.
https://access.redhat.com/security/cve/CVE-2026-1767
https://bugzilla.redhat.com/show_bug.cgi?id=2435983