Heap Buffer Overflow Vulnerability in GNOME Localsearch Tracker-Extract-MP3 Component
CVE-2026-1765

5.6MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 16 June 2026

What is CVE-2026-1765?

A heap buffer overflow vulnerability exists in the tracker-extract-mp3 component of GNOME Localsearch, which processes specially crafted MP3 files. An attacker can exploit this flaw by sending a malicious MP3 file, potentially causing a Denial of Service (DoS) by crashing the application. Furthermore, this vulnerability may expose sensitive information from the system's memory, raising concerns about data confidentiality and integrity.

References

https://access.redhat.com/security/cve/CVE-2026-1765

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2435981

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.6

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 16, 2026
Vulnerability Reserved
Feb 2, 2026

Credit

Red Hat would like to thank Fatih Çelik for reporting this issue.

CVE-2026-1765 Data

JSON