EUVD-2026-38604

Module: plugins/modules/keyringinfo.py CVSS 3.1: 5.5 MEDIUM — AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Issue: The module retrieves a passphrase from the OS native keyring GNOME Keyring, macOS Keychain, Windows Credential Manager and places it directly into result"passphrase" with no output suppression...

CVE-2026-6653

Use After Free in libxml2's xmlParseInternalSubset from GNOME libxml2 version 2.9.11 to 2.11.0 allows a remote attacker to cause a denial-of-service via maliciously crafted XML input with improper entity resolution handling...

Astra Linux – Vulnerability in glib2.0

The gio/gsocks4aproxy.c file in GNOME GLib before version 2.82.1 contains an off-by-one error, leading to a buffer overflow. This issue arises because the SOCKS4CONNMSGLEN field is not sufficient to include a trailing '\0' character...

Astra Linux – Vulnerability in glib2.0

A issue was discovered in GNOME GLib before version 2.66.8. When the gfilereplace function is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly creates the target of the symlink as an empty file. This could potentially have security implications ...

UBUNTU-CVE-2026-12322

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

EUVD-2026-37068

Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152...

CVE-2026-12322

CVE-2026-12322 is a clickjacking vulnerability in the Gtk Widget component affecting Mozilla Firefox and Thunderbird. The issue, described across multiple sources, is due to a UI framing/embedding flaw that could enable deceptive UI interaction. Affected products were updated to mitigate the vuln...

CVE-2026-1767

A flaw was found in the GNOME localsearch previously known as tracker-miners MP3 Extractor tracker-extract-mp3 component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length...

CVE-2026-1765

A flaw was found in the tracker-extract-mp3 component of GNOME localsearch previously known as tracker-miners. This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denia...

CVE-2026-1764

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the extractperformerstags function can lead to a heap buffer overflow. This vulnerability allows a remote attacker...

CVE-2026-1767

A flaw was found in the GNOME localsearch previously known as tracker-miners MP3 Extractor tracker-extract-mp3 component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length...

EUVD-2026-37028

A flaw was found in the GNOME localsearch previously known as tracker-miners MP3 Extractor tracker-extract-mp3 component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length...

EUVD-2026-37027

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM Comment tags. An attacker cou...

CVE-2026-1766 Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and information disclosure via malformed mp3 files.

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor, specifically within the tracker-extract-mp3 component. This heap buffer overflow vulnerability occurs when processing specially crafted MP3 files containing malformed ID3v2.3 COMM Comment tags. An attacker cou...

CVE-2026-1766

CVE-2026-1766 concerns GNOME localsearch (tracker-extract-mp3) and its MP3 Extractor, where a heap buffer overflow occurs while parsing MP3 files with malformed ID3v2.3 COMM tags. Exploitation can cause DoS (crash) and may disclose heap data. Public advisories and patches exist across multiple ve...

CVE-2026-1765

CVE-2026-1765 concerns GNOME localsearch’s tracker-miners: the tracker-extract-mp3 component is vulnerable to a heap buffer overflow when processing crafted MP3 files, potentially causing Denial of Service (crash) and, in some cases, information disclosure from memory. The issue is confirmed acro...

CVE-2026-1765 Localsearch: tracker-miners: gnome localsearch mp3 extractor: denial of service and potential information disclosure via crafted mp3 files

A flaw was found in the tracker-extract-mp3 component of GNOME localsearch previously known as tracker-miners. This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denia...

EUVD-2026-37026

A flaw was found in the tracker-extract-mp3 component of GNOME localsearch previously known as tracker-miners. This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denia...

CVE-2026-1764

A flaw was found in GNOME localsearch previously known as tracker-miners MP3 Extractor. When processing specially crafted MP3 files containing ID3v2.4 tags, a missing bounds check in the extractperformerstags function can lead to a heap buffer overflow. This vulnerability allows a remote attacker...

CVE-2026-1764

The CVE-2026-1764 to CVE-2026-1767 family affects GNOME localsearch (tracker-miners) MP3 extraction. Root cause: a missing bounds check in extract_performers_tags when parsing MP3 files (ID3v2.x), enabling a heap buffer overflow. Impact: Denial of Service (remote or local depending on context) vi...