CVE Catalog

CVE-2026-1765

MediumCVSS 5.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.19%

9th percentile — higher than 9% of all known CVEs

Summary

A flaw in the `tracker-extract-mp3` component of GNOME localsearch leads to a heap buffer overflow when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, resulting in application crashes.

Risk Assessment

This vulnerability may lead to Denial of Service (DoS) and potentially expose sensitive information from the system's memory.

Recommendation

It is recommended to update the `tracker-extract-mp3` component to the latest version to mitigate the risks associated with this vulnerability.

Original NVD description (English source)

A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-miners). This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denial of Service (DoS) where the application crashes. It may also potentially expose sensitive information from the system's memory.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS