CVE-2026-1765

EUVD-2026-37026
A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-miners). This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denial of Service (DoS) where the application crashes. It may also potentially expose sensitive information from the system's memory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.6 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Debian logo
Debian Releases
Debian Product
Codename
localsearch
forky
3.11.1-3
fixed
sid
3.11.1-3
fixed
tracker-miners
bookworm
no-dsa
bullseye
postponed
trixie
no-dsa
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
tracker-miner-files
suse enterprise desktop 15 SP7
3.6.2-150600.4.6.1
fixed
suse enterprise sap 15 SP7
3.6.2-150600.4.6.1
fixed
suse enterprise server 15 SP7
3.6.2-150600.4.6.1
fixed
tracker-miners
suse enterprise desktop 15 SP7
3.6.2-150600.4.6.1
fixed
suse enterprise sap 15 SP7
3.6.2-150600.4.6.1
fixed
suse enterprise server 15 SP7
3.6.2-150600.4.6.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
tracker-miners
Amazon Linux 2023
0:3.7.4-2.amzn2023.0.2
fixed
tracker-miners-debuginfo
Amazon Linux 2023
0:3.7.4-2.amzn2023.0.2
fixed
tracker-miners-debugsource
Amazon Linux 2023
0:3.7.4-2.amzn2023.0.2
fixed
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2026-1765
https://bugzilla.redhat.com/show_bug.cgi?id=2435981