CVE-2026-1767

Источник: debian

Описание

[Heap Buffer Overflow in GNOME localsearch MP3 Extractor]

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
localsearch	fixed	3.8.2-12		package
tracker-miners	removed			package
tracker-miners	no-dsa		trixie	package
tracker-miners	no-dsa		bookworm	package
tracker-miners	not-affected		bullseye	package

Примечания

https://gitlab.gnome.org/GNOME/localsearch/-/issues/429
Fixed by: https://gitlab.gnome.org/GNOME/localsearch/-/commit/2897ca48b7ae79db7dcfe7e66cdd5d75cb641466

Связанные уязвимости

CVE-2026-1767

ubuntu

около 2 месяцев назад

[Heap Buffer Overflow in GNOME localsearch MP3 Extractor]

CVE-2026-1767

CVSS3: 5.6

redhat

около 2 месяцев назад

A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length calculation during the parsing of performer tags can lead to a read beyond the allocated buffer, potentially causing a Denial of Service (DoS) due to a crash or enabling information disclosure.

SUSE-SU-2026:0780-1

suse-cvrf

27 дней назад

Security update for tracker-miners