CVE-2026-1764

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

5.6 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H                                    

Vulnerability Description

A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the `extract_performers_tags` function can lead to a heap buffer overflow. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by triggering a read of unmapped memory. In some cases, it could also lead to information disclosure by reading visible heap data.

Vulnerability Details

Published Date

June 16, 2026

Last Modified

June 16, 2026

CWE ID

CWE-125

Source

NVD

External References

https://access.redhat.com/security/cve/CVE-2026-1764
https://bugzilla.redhat.com/show_bug.cgi?id=2435980

CVE-2026-1764

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment