CVE-2026-1765

A flaw was found in the tracker-extract-mp3 component of GNOME localsearch previously known as tracker-miners. This vulnerability, a heap buffer overflow, occurs when processing specially crafted MP3 files. A remote attacker could exploit this by providing a malicious MP3 file, leading to a Denia...

CVE-2026-1766

CVE-2026-1766 concerns GNOME localsearch (tracker-extract-mp3) and its MP3 Extractor, where a heap buffer overflow occurs while parsing MP3 files with malformed ID3v2.3 COMM tags. Exploitation can cause DoS (crash) and may disclose heap data. Public advisories and patches exist across multiple ve...

CVE-2026-46470

An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemuxaudiocaps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero...

Lyric Video Creator 安全漏洞

Lyric Video Creator is a video lyrics production tool provided by Lyric Video Creator Inc. Version 2.1 of Lyric Video Creator has a security vulnerability. This vulnerability arises from handling malformed MP3 files, and it could allow attackers to trigger the application crash by opening special...

📄 tracker-extract 3.8.2 / tracker-miners 3.x Crash

Proof of concept exploit for tracker-extract version 3.8.2 and tracker-miners version 3.x that demonstrates a crash when parsing oversized or malformed frames from MP3/APEv2 tags...

Security update for tracker-miners

This update for tracker-miners fixes the following issues: CVE-2026-1764: heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files bsc1257606. CVE-2026-1765: denial of Service and potential information disclosure via crafted MP3 files bsc1257607...

SUSE-SU-2026:0780-1 Security update for tracker-miners

This update for tracker-miners fixes the following issues: - CVE-2026-1764: heap buffer overflow leads to denial of service or information disclosure when parsing MP3 files bsc1257606. - CVE-2026-1765: denial of Service and potential information disclosure via crafted MP3 files bsc1257607. -...

USN-8019-1 tracker-miners vulnerabilities

Fatih Çelik discovered that tracker-miners incorrectly handled certain malformed MP3 files. An attacker could use this issue to cause tracker-miners to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVE-2026-1765

Heap Buffer Overflow in GNOME localsearch MP3 Extractor TXXX Tags...

PT-2026-6839

Name of the Vulnerable Software and Affected Versions tracker-miners affected versions not specified Description A flaw exists in tracker-miners related to the handling of malformed MP3 files. This issue could allow an attacker to cause tracker-miners to crash, leading to a denial of service. The...

CVE-2025-65404

CVE-2025-65404 affects Live555 Streaming Media 2018.09.02. A buffer overflow in the getSideInfo2() function allows a crafted MP3 stream to cause Denial of Service. Impact is DoS; exploitation described in public advisories (e.g., OpenVAS NASLs) with CVSS base 7.8 (Network exploit, no authenticati...

EUVD-2011-4946

Malware in sbrugna...

The vulnerability of the MP3 Stream Handler component in the Live555 multimedia streaming library allows a attacker to cause a service failure.

The vulnerability of the MP3 Stream Handler component in the Live555 multimedia streaming library lies in its ability to read data from buffers beyond acceptable limits. Exploiting this vulnerability could allow a malicious actor to cause service interruptions...

mpg123:1.32.9 security update

An update is available for mpg123. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The mpg123 packages contain real time MPEG 1.0/2.0/2.5 audio player/decoder fo...

Moderate: mpg123:1.32.9 security update

The mpg123 packages contain real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2, and 3 most commonly MPEG 1.0 layer 3 also known as MP3, as well as re-usable decoding and output libraries. Security Fixes: mpg123: Buffer overflow when writing decoded PCM samples CVE-2024-10573 For more...

MediaTek Chip Security Breach

MediaTek chips are a variety of chips from MediaTek, a Chinese company. A security vulnerability exists in the MediaTek chips that stems from a race condition in the mp3 decoder module that may result in out-of-bounds writes...

CVE-2023-30207

A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of crafted mp3 file...

SUSE CVE-2006-2230

Multiple format string vulnerabilities in xiTK xitk/main.c in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack...

SUSE CVE-2015-0825

Stack-based buffer underflow in the mozilla::MP3FrameParser::ParseBuffer function in Mozilla Firefox before 36.0 allows remote attackers to obtain sensitive information from process memory via a malformed MP3 file that improperly interacts with memory allocation during playback...

SUSE CVE-2015-4475

The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute arbitrary code or cause a denial of service out-of-bounds read via a malformed file...