Skip to main content

MediaInfoLib CVE-2026-25104

| EUVDEUVD-2026-31808 HIGH
Integer Underflow (CWE-191)
2026-05-26 talos GHSA-fmqg-j5qj-j8f6
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jun 08, 2026 - 10:18 vuln.today

DescriptionCVE.org

MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability

AnalysisAI

Heap-based buffer overflow in MediaArea MediaInfoLib's LXF (Leitch eXchange Format) parser allows attackers to achieve arbitrary code execution when a victim opens a maliciously crafted LXF media file. The flaw affects MediaInfoLib 26.01 and was reported by Cisco Talos (TALOS-2026-2367); no public exploit identified at time of analysis, and EPSS exploitation probability is very low at 0.01%.

Technical ContextAI

MediaInfoLib is a widely used open-source library from MediaArea that extracts technical and tag metadata from audio and video files, embedded in tools such as MediaInfo CLI/GUI, and consumed by media-processing pipelines, archival systems, and content-management platforms. The vulnerability resides in the parser for LXF (Leitch eXchange Format), a broadcast container format historically used by Harmonic/Leitch playout systems. The root-cause CWE-191 (Integer Underflow) - paired with the reported buffer overflow and integer overflow tags - indicates that a malformed length or size field in an LXF stream wraps around during arithmetic, producing an undersized heap allocation or oversized copy that overruns an adjacent heap chunk during subsequent parsing, corrupting heap metadata and adjacent objects.

RemediationAI

No vendor-released patch identified at time of analysis; monitor the MediaArea project (https://mediaarea.net) and the Talos advisory at https://talosintelligence.com/vulnerability_reports/TALOS-2026-2367 for a fixed version superseding 26.01, then upgrade all embedded copies of MediaInfoLib across CLI, GUI, and downstream integrations. As compensating controls until a patch is released, configure media-ingest pipelines to reject files with the LXF extension or LXF magic bytes at the gateway, which removes the attack surface entirely but blocks legitimate Leitch broadcast workflows; alternatively, run MediaInfo parsing inside a sandboxed or containerized worker with no network egress and minimal filesystem access, which contains successful exploitation at the cost of added operational complexity. End users should avoid opening LXF files from untrusted sources and disable any shell-integration previewers that auto-invoke MediaInfo on file selection.

Share

CVE-2026-25104 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy