Medium severity5.6NVD Advisory· Published Jun 16, 2026· Updated Jun 16, 2026
CVE-2026-1764
CVE-2026-1764
Description
A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the extract_performers_tags function can lead to a heap buffer overflow. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by triggering a read of unmapped memory. In some cases, it could also lead to information disclosure by reading visible heap data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords4 versionspkg:rpm/opensuse/localsearch&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/tracker-miners&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/tracker-miners&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7pkg:rpm/suse/tracker-miners&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7
< 3.10.2-2.1+ 3 more
- (no CPE)range: < 3.10.2-2.1
- (no CPE)range: < 3.6.2-150600.4.6.1
- (no CPE)range: < 3.6.2-150600.4.6.1
- (no CPE)range: < 3.6.2-150600.4.6.1
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.