CVE-2026-1765
MediumCVSS 5.6Exploitation Probability (EPSS)
Low risk9th percentile — higher than 9% of all known CVEs
Summary
A flaw in the `tracker-extract-mp3` component of GNOME localsearch leads to a heap buffer overflow when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, resulting in application crashes.
Risk Assessment
This vulnerability may lead to Denial of Service (DoS) and potentially expose sensitive information from the system's memory.
Recommendation
It is recommended to update the `tracker-extract-mp3` component to the latest version to mitigate the risks associated with this vulnerability.
Original NVD description (English source)
A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-miners). This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denial of Service (DoS) where the application crashes. It may also potentially expose sensitive information from the system's memory.

