Skip to main content

MediaInfoLib CVE-2026-28764

| EUVDEUVD-2026-31255 HIGH
Use of Out-of-range Pointer Offset (CWE-823)
2026-05-21 talos GHSA-5x97-5xp3-2v33
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
May 21, 2026 - 10:45 vuln.today

DescriptionCVE.org

MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability

AnalysisAI

Heap-based buffer overflow in MediaArea MediaInfoLib's LXF (Leitch eXchange Format) element parser allows attackers to achieve arbitrary code execution when a victim opens a maliciously crafted LXF media file. The flaw, disclosed by Cisco Talos as TALOS-2026-2371 and assigned CWE-823, requires user interaction and local file access but no privileges, and at the time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.

Technical ContextAI

MediaInfoLib is the open-source parsing library that powers the MediaInfo tool and is widely embedded in media management pipelines, asset workflows, transcoders, and forensic tools to extract codec, container, and stream metadata. The vulnerability lies in the LXF (Leitch eXchange Format, a broadcast container format) demuxer, where element parsing performs an out-of-range pointer offset (CWE-823) leading to a heap-based buffer overflow when sizes or offsets inside an LXF element are not validated against the underlying allocation. Because MediaInfoLib is consumed by many downstream products (desktop MediaInfo, server-side ingest tools, NLE plugins) via the same shared parsing code path, any consumer that hands attacker-controlled LXF files to the library inherits this exposure.

RemediationAI

No vendor-released patch identified at time of analysis from the provided data; defenders should consult the Talos report at https://talosintelligence.com/vulnerability_reports/TALOS-2026-2371 and the MediaArea downloads page to identify and deploy the fixed MediaInfoLib build once published, then rebuild or update any downstream tooling that statically links or bundles libmediainfo. As compensating controls until a patched build is rolled out, restrict the library from processing untrusted LXF input - for example, filter or block .lxf extensions at the ingest gateway, gate file uploads through a sandbox that drops or normalizes broadcast container formats, and run MediaInfo-based scanners under low-privileged service accounts with seccomp/AppArmor or a container so a successful overflow cannot pivot; the trade-off is that LXF-bearing broadcast workflows will need a manual exception path.

Share

CVE-2026-28764 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy