Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Localsearch: tracker-miners: gnome localsearch mp3 extractor: heap buffer overflow leading to denial of service or information disclosure via malformed mp3 id3 tags
Vulnerability Description
A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component. A remote attacker could exploit this heap buffer overflow vulnerability by providing a specially crafted MP3 file containing malformed ID3 tags. This incorrect length calculation during the parsing of performer tags can lead to a read beyond the allocated buffer, potentially causing a Denial of Service (DoS) due to a crash or enabling information disclosure.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H
Vulnerability Type
使用不正确的长度值访问缓冲区
Vulnerability Title
GNOME localsearch 安全漏洞
Vulnerability Description
GNOME localsearch是GNOME开源的一个文件搜索引擎。 GNOME localsearch存在安全漏洞,该漏洞源于MP3 Extractor tracker-extract-mp3解析标签时长度计算错误,可能导致堆缓冲区溢出、拒绝服务攻击或信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A