Severity by source
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
AnalysisAI
Heap-based buffer overflow in MediaArea MediaInfoLib's LXF (Leitch eXchange Format) element parser allows attackers to achieve arbitrary code execution when a victim opens a maliciously crafted LXF media file. The flaw, disclosed by Cisco Talos as TALOS-2026-2371 and assigned CWE-823, requires user interaction and local file access but no privileges, and at the time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.
Technical ContextAI
MediaInfoLib is the open-source parsing library that powers the MediaInfo tool and is widely embedded in media management pipelines, asset workflows, transcoders, and forensic tools to extract codec, container, and stream metadata. The vulnerability lies in the LXF (Leitch eXchange Format, a broadcast container format) demuxer, where element parsing performs an out-of-range pointer offset (CWE-823) leading to a heap-based buffer overflow when sizes or offsets inside an LXF element are not validated against the underlying allocation. Because MediaInfoLib is consumed by many downstream products (desktop MediaInfo, server-side ingest tools, NLE plugins) via the same shared parsing code path, any consumer that hands attacker-controlled LXF files to the library inherits this exposure.
RemediationAI
No vendor-released patch identified at time of analysis from the provided data; defenders should consult the Talos report at https://talosintelligence.com/vulnerability_reports/TALOS-2026-2371 and the MediaArea downloads page to identify and deploy the fixed MediaInfoLib build once published, then rebuild or update any downstream tooling that statically links or bundles libmediainfo. As compensating controls until a patched build is rolled out, restrict the library from processing untrusted LXF input - for example, filter or block .lxf extensions at the ingest gateway, gate file uploads through a sandbox that drops or normalizes broadcast container formats, and run MediaInfo-based scanners under low-privileged service accounts with seccomp/AppArmor or a container so a successful overflow cannot pivot; the trade-off is that LXF-bearing broadcast workflows will need a manual exception path.
More in Mediainfolib
View allHeap-based buffer overflow in MediaArea MediaInfoLib's LXF (Leitch eXchange Format) parser allows attackers to achieve a
Heap buffer overflow in MediaArea MediaInfoLib's ID3v2 metadata parser allows local attackers to achieve arbitrary code
Heap-based buffer overflow in MediaArea MediaInfoLib's Channel Splitting parser allows attackers to corrupt heap memory
Same weakness CWE-823 – Use of Out-of-range Pointer Offset
View allSame technique Memory Corruption
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-31255
GHSA-5x97-5xp3-2v33