GNOME localsearch EUVD-2026-37028

CVE-2026-1767 HIGH
Buffer Access with Incorrect Length Value (CWE-805)
2026-06-16 fedora GHSA-f723-ggf4-5m9h
8.1 CVSS 3.1 · NVD

Severity by source

  • Vendor (fedora), PRIMARY: MEDIUM (qualitative)
  • NVD: 8.1 HIGH, AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • vuln.today AI: 8.1 HIGH
    AV:N because indexer auto-parses attacker-supplied files without user interaction; PR:L since an active indexing user session is required; C:H for heap leak potential, I:N per description, A:H for crash.
    CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
    CVSS 4.0: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N
  • Ubuntu: MEDIUM (qualitative)
  • SUSE: 5.6 MEDIUM, AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
  • Red Hat: 5.6 MEDIUM (qualitative)

Primary rating from Vendor (fedora).

CVSS Vector (NVD)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: None
  • Availability: High

Lifecycle Timeline (6 events)

  • Jun 16, 2026 - 20:43, vuln.today: Analysis Updated, v3 (cvss_changed)
  • Jun 16, 2026 - 20:43, vuln.today: Analysis Updated, v2 (cvss_changed)
  • Jun 16, 2026 - 20:37, vuln.today: Re-analysis Queued (cvss_changed)
  • Jun 16, 2026 - 20:37, NVD: Severity Changed, MEDIUM → HIGH
  • Jun 16, 2026 - 20:37, NVD: CVSS changed, 5.6 (MEDIUM) → 8.1 (HIGH)
  • Jun 16, 2026 - 02:17, vuln.today: Analysis Generated

Description (NVD)

A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor tracker-extract-mp3 component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length calculation during the parsing of performer tags can lead to a read beyond the allocated buffer, potentially causing a Denial of Service (DoS) due to a crash or enabling information disclosure.

Analysis (AI)

Heap buffer overflow in GNOME localsearch (formerly tracker-miners) tracker-extract-mp3 component on Red Hat Enterprise Linux 8/9/10, Ubuntu, Debian, and SUSE allows remote attackers to trigger an out-of-bounds heap read by delivering a malformed MP3 file with crafted ID3 performer tags, leading to crashes (DoS) or disclosure of process memory contents. No public exploit identified at time of analysis, and the EPSS score of 0.19% (9th percentile) plus CISA SSVC 'Exploitation: none' indicate low real-world exploitation activity despite the 8.1 CVSS rating. …

Attack Chain (AI, derived)

Hypothetical attack flow derived from CVE metadata

  • Access: Craft MP3 with malformed ID3 performer tag
  • Delivery: Deliver via download, share, or email
  • Exploit: File lands in tracker-monitored directory
  • Execution: localsearch auto-invokes tracker-extract-mp3
  • Persist: Length miscalculation triggers heap OOB read
  • Impact: Process crash or heap memory leaked to indexer DB

Vulnerability Assessment (AI)

Exploitation: Exploitation requires (1) GNOME localsearch / tracker-miners installed and the user-session tracker-extract-mp3 helper enabled (default on GNOME desktop installs of RHEL 8/9/10, Ubuntu, Debian, SUSE; absent on minimal server installs), (2) an active logged-in user session whose tracker daemon is actively indexing, hence PR:L in the CVSS vector, (3) the crafted MP3 must land in a directory monitored by tracker3 (typically ~/Music, ~/Downloads, ~/Documents, or removable media), and (4) the specific code path is the performer-tag parser inside the ID3 frame handler, so the file must contain a malformed performer frame, not just any malformed MP3. …

Risk Assessment: Signals point in opposite directions and warrant nuance. …

Exploit Scenario: An attacker hosts a malicious MP3 with a malformed ID3 performer frame on a download site, file share, or email attachment. A targeted user saves the file to their Downloads or Music folder; GNOME localsearch wakes up automatically, calls tracker-extract-mp3 on the new file, miscalculates the performer-frame length, and reads past the heap buffer, either crashing the extractor (DoS) or exfiltrating adjacent heap bytes (e.g., via SPARQL metadata fields the extractor writes back). …

Remediation: Apply the vendor-released patches as soon as they are available for your distribution: on Red Hat Enterprise Linux 8/9/10 install the localsearch/tracker-miners update referenced in the Red Hat advisory at https://access.redhat.com/security/cve/CVE-2026-1767; on Ubuntu install the package update from USN-8019-1 at https://ubuntu.com/security/notices/USN-8019-1; on SUSE apply SUSE-SU-2026:0780 (https://www.suse.com/support/update/SUSE-SU-2026:0780/) or SUSE-SU-2026:21854 (https://www.suse.com/support/update/SUSE-SU-2026:21854/); on Debian track bug #1126910 for the fixed package. …

Recommended Action (AI)

24 hours: Identify all systems running GNOME localsearch (tracker-miners) on RHEL 8/9/10, Ubuntu, Debian, and SUSE. …

Vendor Status

Ubuntu

Priority: Medium
localsearch
Release Status Version
jammy DNE -
noble DNE -
questing DNE -
upstream released 3.11
tracker-miners
Release Status Version
upstream released 3.11
jammy released 3.3.3-0ubuntu0.20.04.4
noble released 3.7.1-1ubuntu0.1
questing released 3.8.2-4ubuntu2.1
bionic not-affected code not present
focal not-affected code not present

Debian

Bug #1126910
localsearch
Release Status Fixed Version Urgency
forky, sid fixed 3.11.1-3 -
(unstable) fixed 3.8.2-12 -
tracker-miners
Release Status Fixed Version Urgency
bullseye not-affected - -
bookworm vulnerable 3.4.3-1 -
trixie vulnerable 3.8.2-4 -
(unstable) fixed (unfixed) -

SUSE

Severity: Moderate
Product: Status
SUSE Linux Enterprise Desktop 15 SP7; SUSE Linux Enterprise Server 15 SP7; SUSE Linux Enterprise Server for SAP Applications 15 SP7: Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7; SUSE Linux Enterprise Module for Desktop Applications 15 SP7: Fixed
SUSE Linux Enterprise Server 16.0; SUSE Linux Enterprise Server for SAP applications 16.0: Fixed
SUSE Linux Enterprise Workstation Extension 15 SP7: Fixed
openSUSE Leap 15.6: Fixed