MediaInfoLib CVE-2026-28764

EUVD-2026-31255 | HIGH | CVSS 3.1: 7.8
Use of Out-of-range Pointer Offset (CWE-823)
2026-05-21 | talos | GHSA-5x97-5xp3-2v33
CVSS Vector (NVD)

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: May 21, 2026 - 10:45 (vuln.today)

Description (NVD)

MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability

Analysis (AI)

A heap-based buffer overflow in the LXF (Leitch eXchange Format) element parser of MediaArea MediaInfoLib allows attackers to achieve arbitrary code execution when a victim opens a maliciously crafted LXF media file. The flaw was disclosed by Cisco Talos as TALOS-2026-2371 and assigned CWE-823. It requires user interaction and local file access but no privileges. At the time of analysis, no public exploit has been identified and the issue is not listed in CISA KEV.

Remediation (AI)

Within 24 hours: Inventory all systems running MediaArea MediaInfoLib; assess which business processes depend on LXF file handling; distribute user awareness notice warning against opening media files from untrusted sources.

Within 7 days: Implement application sandboxing or process isolation for MediaInfoLib; disable LXF format support where operationally feasible; restrict file type ingestion to known-safe formats. …
