Medium severity5.6NVD Advisory· Published Jun 16, 2026· Updated Jun 16, 2026
CVE-2026-1766
CVE-2026-1766
Description
A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM (Comment) tags. An attacker could exploit this by providing a malicious MP3 file, leading to a denial of service (DoS), which causes an application crash, and potentially disclosing sensitive information from the heap memory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
9cpe:2.3:a:gnome:localsearch:-:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gnome:localsearch:-:*:*:*:*:*:*:*
- (no CPE)
cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:redhat:enterprise_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
- osv-coords4 versionspkg:rpm/opensuse/localsearch&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/tracker-miners&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/tracker-miners&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP7pkg:rpm/suse/tracker-miners&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7
< 3.10.2-2.1+ 3 more
- (no CPE)range: < 3.10.2-2.1
- (no CPE)range: < 3.6.2-150600.4.6.1
- (no CPE)range: < 3.6.2-150600.4.6.1
- (no CPE)range: < 3.6.2-150600.4.6.1
Patches
Vulnerability mechanics
References
2- bugzilla.redhat.com/show_bug.cginvdExploitThird Party Advisory
- access.redhat.com/security/cve/CVE-2026-1766nvdThird Party Advisory
News mentions
0No linked articles in our index yet.