CVE-2026-1764
medium
Summary
A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the `extract_performers_tags` function can lead to a heap buffer overflow. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by triggering a read of unmapped memory. In some cases, it could also lead to information disclosure by reading visible heap data.
CVSS Score
5.6
Medium
EPSS Score
0.2
Exploit Probability
Published Date
2026-06-16
First Seen: 2026-06-17
Relative Risk Intelligence
This CVE is Lower Risk - more severe than 32.7% of all 329,456 vulnerabilities in our database.
#221,882
Below average severity
Severity Percentile
CISA SSVC Assessment Updated: Jun 16, 2026
Exploitation Status
None
No known exploits
Automatable
NO
Requires human interaction
Technical Impact
Partial
Limited system impact
Discovered By
Red Hat would like to thank Fatih Çelik for reporting this issue.
SSVC data provided by
CISA
Last Modified
2026-06-18
Source
NVD
CVSS Vector 3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
CWE IDs (Weakness Types)