UBUNTU-CVE-2026-15276

Source
https://ubuntu.com/security/CVE-2026-15276
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-15276.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-15276
Upstream
Published
2026-07-10T00:00:00Z
Modified
2026-07-11T00:15:07.453260725Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
  • 1.9 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

A flaw has been found in pdeljanov Symphonia up to 0.6.0. This vulnerability affects unknown code of the component Metadata Handler. This manipulation causes denial of service. The attack needs to be launched locally. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.

References

Affected packages

Ubuntu:24.04:LTS / rust-symphonia

Package

Name
rust-symphonia
Purl
pkg:deb/ubuntu/rust-symphonia?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.5.2-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "librust-symphonia-dev",
            "binary_version": "0.5.2-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-15276.json"

Ubuntu:26.04:LTS / rust-symphonia

Package

Name
rust-symphonia
Purl
pkg:deb/ubuntu/rust-symphonia?arch=source&distro=resolute

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

0.*
0.5.4-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "librust-symphonia-dev",
            "binary_version": "0.5.4-1"
        }
    ]
}

Database specific

source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-15276.json"