CVE-2026-1766

MEDIUM EPSS 5.4%

Published Jun 16, 20261w ago · Modified Jun 17, 20261w ago

6.1 CVSS 3.1

Medium

Published Jun 16, 2026 1w ago

Last Modified Jun 17, 2026 1w ago

Description

A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM (Comment) tags. An attacker could exploit this by providing a malicious MP3 file, leading to a denial of service (DoS), which causes an application crash, and potentially disclosing sensitive information from the heap memory.

CVSS Details

Base Score

6.1

Exploitability

1.8

Impact

4.2

Vector string

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required None

User Interaction Required

Scope Unchanged

Confidentiality Low

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

5.4% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-805

Affected Products 4

Vendor	Product	Version	Range
gnome	localsearch	*	any
redhat	enterprise_linux	8.0	any
redhat	enterprise_linux	9.0	any
redhat	enterprise_linux	10.0	any

References 2

access.redhat.com https://access.redhat.com/security/cve/CVE-2026-1766

Third Party Advisory
bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2435982

ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.