Skip to main content

GNOME localsearch EUVDEUVD-2026-37025

| CVE-2026-1764 MEDIUM
Out-of-bounds Read (CWE-125)
2026-06-16 fedora GHSA-f6x5-hp9j-j5wv
5.6
CVSS 3.1 · Vendor: fedora
Share

Severity by source

Vendor (fedora) PRIMARY
5.6 MEDIUM
AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
vuln.today AI
5.6 MEDIUM

Local vector and UI:R because exploitation requires delivering a file and triggering local indexing; PR:L for standard user account; C:L for bounded heap leakage; I:N as no write primitive exists.

3.1 AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
4.0 AV:L/AC:L/AT:N/PR:L/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
Ubuntu
MEDIUM
qualitative
SUSE
MEDIUM
qualitative
Red Hat
5.6 MEDIUM
qualitative

Primary rating from Vendor (fedora).

CVSS VectorVendor: fedora

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 16, 2026 - 02:16 vuln.today

DescriptionCVE.org

A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the extract_performers_tags function can lead to a heap buffer overflow. This vulnerability allows a remote attacker to cause a Denial of Service (DoS) by triggering a read of unmapped memory. In some cases, it could also lead to information disclosure by reading visible heap data.

AnalysisAI

Heap out-of-bounds read in GNOME localsearch (formerly tracker-miners) MP3 Extractor affects Red Hat Enterprise Linux 8, 9, and 10, exploitable when a local user triggers indexing of a specially crafted MP3 file containing malformed ID3v2.4 tags. The missing bounds check in the extract_performers_tags function can cause a Denial of Service via an unmapped memory read, and in certain heap layout scenarios may also leak fragments of heap memory, resulting in limited information disclosure. No public exploit code has been identified at time of analysis and this vulnerability is not listed in the CISA KEV catalog.

Technical ContextAI

GNOME localsearch (CPE: cpe:2.3:a:red_hat:red_hat_enterprise_linux_8/9/10) is a metadata extraction daemon integrated into the GNOME desktop that automatically indexes files - including audio files - to support desktop search. The affected component is the MP3 Extractor module, which parses ID3v2.4 tag structures to retrieve performer metadata. CWE-125 (Out-of-bounds Read) is the root cause: the extract_performers_tags function does not validate that the tag data length stays within the bounds of the allocated heap buffer before reading performer string fields. ID3v2.4 supports variable-length frames, and a crafted frame with an inflated length value can cause the reader to advance beyond the buffer boundary, touching unmapped memory pages and triggering a crash, or reading adjacent heap allocations and exposing their contents.

RemediationAI

Apply the vendor-supplied update for the gnome-localsearch (tracker-miners) package on affected RHEL 8, 9, and 10 systems via standard package management (dnf update tracker-miners or gnome-localsearch). An exact fixed package version is not independently confirmed from the available data - consult the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2026-1764 for the precise patched RPM build. As a compensating control where patching is not immediately possible, administrators can disable automatic file indexing by running 'gsettings set org.freedesktop.Tracker3.Miner.Files enable-monitors false' or removing tracker-miners from system startup; note this will degrade desktop search functionality. Additionally, enforcing SELinux in enforcing mode (default on RHEL) limits the blast radius of any crash or heap read by confining the tracker-extract process. Do not open untrusted MP3 files on systems where patching is delayed.

CVE-2026-4631 CRITICAL POC
9.8 Apr 07

Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the h

CVE-2026-4480 CRITICAL POC
9.0 May 26

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft

CVE-2026-14544 CRITICAL
9.8 Jul 03

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter

CVE-2026-28369 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow (the embedded web server underpinning JBoss EAP, Red Hat Data Grid, and Apache Camel

CVE-2026-28368 CRITICAL
9.1 Mar 27

HTTP request smuggling in Red Hat Undertow allows remote unauthenticated attackers to bypass front-end security controls

CVE-2026-33845 CRITICAL
9.1 Apr 30

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege

CVE-2026-28367 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow allows remote unauthenticated attackers to send `\r\r\r` as a header block terminator

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-14474 HIGH
8.8 Jul 07

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user

CVE-2026-52720 HIGH
8.8 Jun 15

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co

CVE-2026-5674 HIGH
8.8 Jul 16

Sandbox escape in PipeWire's PulseAudio compatibility layer lets a low-privileged process inside a confined environment

CVE-2026-5260 HIGH
8.2 May 26

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap

Vendor StatusVendor

Ubuntu

Priority: Medium
localsearch
Release Status Version
resolute not-affected 3.8.2-12
jammy DNE -
noble DNE -
questing DNE -
upstream released 3.11
tracker-miners
Release Status Version
resolute DNE -
bionic needed -
focal needed -
upstream released 3.11
jammy released 3.3.3-0ubuntu0.20.04.4
noble released 3.7.1-1ubuntu0.1
questing released 3.8.2-4ubuntu2.1

Debian

Bug #1126910
localsearch
Release Status Fixed Version Urgency
forky, sid fixed 3.11.1-3 -
(unstable) fixed 3.8.2-12 -
tracker-miners
Release Status Fixed Version Urgency
bullseye not-affected - -
bookworm vulnerable 3.4.3-1 -
trixie vulnerable 3.8.2-4 -
(unstable) fixed (unfixed) -

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed
SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP applications 16.0 Fixed
SUSE Linux Enterprise Workstation Extension 15 SP7 Fixed
openSUSE Leap 15.6 Fixed

Share

EUVD-2026-37025 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy