CVE-2026-1766
πΆ mediumSummary
A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM (Comment) tags. An attacker could exploit this by providing a malicious MP3 file, leading to a denial of service (DoS), which causes an application crash, and potentially disclosing sensitive information from the heap memory.
CVSS Score
5.6
Medium
EPSS Score
0.2
Exploit Probability
Published Date
2026-06-16
First Seen: 2026-06-17
π Relative Risk Intelligence
This CVE is Lower Risk - more severe than 32.7% of all 328,009 vulnerabilities in our database.
#220,818
Below average severity
Severity Percentile
π― CISA SSVC Assessment Updated: Jun 16, 2026
π Exploitation Status
None
No known exploits
βοΈ Automatable
NO
Requires human interaction
π₯ Technical Impact
Partial
Limited system impact
π Discovered By
Red Hat would like to thank Fatih Γelik for reporting this issue.
SSVC data provided by
CISA
Last Modified
2026-06-16
Source
NVD π
CVSS Vector 3.1
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
CWE IDs (Weakness Types)