CVE-2026-1765
MEDIUM 5.6A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-miners). This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denial of Service (DoS) where the application crashes. It may also potentially expose sensitive information from the system's memory.
No known exploitation, public exploit, or elevated probability at this time. Track for changes.
Exploitation likelihood
0.1%chance of exploitation in 30 days · 4th percentile
Impact if exploited
5.6CVSS 3.1 · MEDIUM
- ConfidentialityLow
- IntegrityNone
- AvailabilityHigh
What an attacker needs
- ⚠Access: Requires local access to the host
- ⚠Privileges: Requires a low-privilege account
- ⚠User interaction: A user must take an action (click / open a file)
- ✓Complexity: No special conditions — reliably repeatable
✓ lowers the bar for an attacker · ⚠ raises it
Affected
Vendors Red Hat
Products Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9
Weakness (CWE)
- CWE-125: Out-of-bounds read
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H