PatchSiren cyber security CVE debrief
CVE-2026-1765 Red Hat CVE debrief
A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-miners). This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denial of Service (DoS) where the application crashes. It may also potentially expose sensitive information from the system's memory.
- Vendor: Red Hat
- Product: Red Hat Enterprise Linux 10
- CVSS: MEDIUM 5.6
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-16
- Original CVE updated: 2026-06-16
- Advisory published: 2026-06-16
- Advisory updated: 2026-06-16
Who should care
Users of GNOME localsearch (previously known as tracker-miners) should be aware of this vulnerability and take steps to mitigate it.
Technical summary
The vulnerability has a CVSS score of 5.6 and is classified as MEDIUM severity. The CVSS vector is CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H. The weakness is classified as CWE-125.
Defensive priority
MEDIUM
Recommended defensive actions
- Update GNOME localsearch (previously known as tracker-miners) to the latest version.
- Avoid processing untrusted MP3 files.
Evidence notes
The vulnerability was reported by Red Hat.
Official resources
CVE-2026-1765 was published on 2026-06-16T02:16:18.170Z and has not been modified since then.