Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| localsearch | fixed | 3.8.2-12 | package | |
| tracker-miners | removed | package | ||
| tracker-miners | no-dsa | trixie | package | |
| tracker-miners | no-dsa | bookworm | package | |
| tracker-miners | not-affected | bullseye | package |
Примечания
https://gitlab.gnome.org/GNOME/localsearch/-/issues/425
Fixed by: https://gitlab.gnome.org/GNOME/localsearch/-/commit/5337e2977f159c29e2b8af575e56866862af241b
Связанные уязвимости
CVSS3: 5.6
redhat
около 2 месяцев назад
A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the `extract_performers_tags` function can lead to a heap buffer overflow. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by triggering a read of unmapped memory. In some cases, it could also lead to information disclosure by reading visible heap data.
