{"id":"USN-8019-1","summary":"tracker-miners vulnerabilities","details":"Fatih Çelik discovered that tracker-miners incorrectly handled certain\nmalformed MP3 files. An attacker could use this issue to cause\ntracker-miners to crash, resulting in a denial of service, or possibly\nexecute arbitrary code.","modified":"2026-04-27T18:47:19.815584364Z","published":"2026-02-05T14:47:57Z","related":["UBUNTU-CVE-2026-1764","UBUNTU-CVE-2026-1765","UBUNTU-CVE-2026-1766","UBUNTU-CVE-2026-1767"],"upstream":["CVE-2026-1764","CVE-2026-1765","CVE-2026-1766","CVE-2026-1767","UBUNTU-CVE-2026-1764","UBUNTU-CVE-2026-1765","UBUNTU-CVE-2026-1766","UBUNTU-CVE-2026-1767"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-8019-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-1764"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-1765"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-1766"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2026-1767"}],"affected":[{"package":{"name":"tracker-miners","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/tracker-miners@3.3.3-0ubuntu0.20.04.4?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.3-0ubuntu0.20.04.4"}]}],"versions":["3.1.3-1","3.1.3-4","3.3.0~beta-1","3.3.0~rc-1","3.3.0-1","3.3.3-0ubuntu0.20.04.1","3.3.3-0ubuntu0.20.04.2","3.3.3-0ubuntu0.20.04.3"],"ecosystem_specific":{"binaries":[{"binary_name":"tracker-extract","binary_version":"3.3.3-0ubuntu0.20.04.4"},{"binary_name":"tracker-miner-fs","binary_version":"3.3.3-0ubuntu0.20.04.4"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2026-1764","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-1765","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-1766","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-1767","severity":[{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:22.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8019-1.json"}},{"package":{"name":"tracker-miners","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/tracker-miners@3.7.1-1ubuntu0.1?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7.1-1ubuntu0.1"}]}],"versions":["3.4.3-2","3.4.5-3","3.4.6-1","3.4.6-3","3.7.0-1","3.7.1-1","3.7.1-1build1"],"ecosystem_specific":{"binaries":[{"binary_name":"tracker-extract","binary_version":"3.7.1-1ubuntu0.1"},{"binary_name":"tracker-miner-fs","binary_version":"3.7.1-1ubuntu0.1"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2026-1764","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-1765","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-1766","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-1767","severity":[{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:24.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8019-1.json"}},{"package":{"name":"tracker-miners","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/tracker-miners@3.8.2-4ubuntu2.1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.8.2-4ubuntu2.1"}]}],"versions":["3.8.2-4","3.8.2-4ubuntu1","3.8.2-4ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_name":"tracker-extract","binary_version":"3.8.2-4ubuntu2.1"},{"binary_name":"tracker-miner-fs","binary_version":"3.8.2-4ubuntu2.1"},{"binary_name":"tracker-test-utils","binary_version":"3.8.2-4ubuntu2.1"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[{"id":"CVE-2026-1764","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-1765","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-1766","severity":[{"type":"Ubuntu","score":"medium"}]},{"id":"CVE-2026-1767","severity":[{"type":"Ubuntu","score":"medium"}]}],"ecosystem":"Ubuntu:25.10"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8019-1.json"}}],"schema_version":"1.7.5"}