MediaArea heap-based buffer overflow vulnerabilities_TALOSBLOG:3CE3EFD6D6C12FCADA2BE088C9F13B22

7.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Description

![MediaArea heap-based buffer overflow vulnerabilities](https://storage.ghost.io/c/af/a0/afa04ee3-414f-4481-8d23-7e7c146f192e/content/images/2026/05/vuln_roundup-1.jpg)

Cisco Talos' Vulnerability Discovery & Research team recently disclosed four vulnerabilities in MediaArea MediaInfoLib library.

The vulnerabilities mentioned in this blog post have been patched by their respective vendor, in adherence to _Cisco 's third-party vulnerability disclosure policy_.

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from _Snort.org_, and our latest Vulnerability Advisories are always posted on _Talos Intelligence 's website_.

## **MediaArea vulnerabilities**

_Discovered by Dimitrios Tatsis of Cisco Talos._

MediaArea produces digital media analysis open-source software, as well as support tools for file investigation. MediaInfoLib provides a UI for technical and tag data for video and audio media files. Talos discovered four vulnerabilities in MediaInfoLib.

_TALOS-2026-2367_ (CVE-2026-25104), _TALOS-2026-2368_ (CVE-2026-25713), _TALOS-2026-2371_ (CVE-2026-28764), and _TALOS-2026-2374_ (CVE-2026-22554) are heap-based buffer overflow vulnerabilities in various functionalities of MediaInfoLib (version(s): 26.01). All can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.

Visit Original Source

Basic Information

ID TALOSBLOG:3CE3EFD6D6C12FCADA2BE088C9F13B22

Published May 27, 2026 at 14:00

{
    "lastseen": "2026-05-27T16:25:42",
    "description": "![MediaArea heap-based buffer overflow vulnerabilities](https://storage.ghost.io/c/af/a0/afa04ee3-414f-4481-8d23-7e7c146f192e/content/images/2026/05/vuln_roundup-1.jpg)\n\nCisco Talos' Vulnerability Discovery & Research team recently disclosed four vulnerabilities in MediaArea MediaInfoLib library.\n\nThe vulnerabilities mentioned in this blog post have been patched by their respective vendor, in adherence to _Cisco 's third-party vulnerability disclosure policy_.\n\nFor Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from _Snort.org_, and our latest Vulnerability Advisories are always posted on _Talos Intelligence 's website_.\n\n## **MediaArea vulnerabilities**\n\n _Discovered by Dimitrios Tatsis of Cisco Talos._\n\nMediaArea produces digital media analysis open-source software, as well as support tools for file investigation. MediaInfoLib provides a UI for technical and tag data for video and audio media files. Talos discovered four vulnerabilities in MediaInfoLib.\n\n_TALOS-2026-2367_ (CVE-2026-25104), _TALOS-2026-2368_ (CVE-2026-25713), _TALOS-2026-2371_ (CVE-2026-28764), and _TALOS-2026-2374_ (CVE-2026-22554) are heap-based buffer overflow vulnerabilities in various functionalities of MediaInfoLib (version(s): 26.01). All can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities.",
    "published": "2026-05-27T14:00:14",
    "modified": "2026-05-27T14:00:14",
    "type": "talosblog",
    "title": "MediaArea heap-based buffer overflow vulnerabilities",
    "source": "",
    "references": "",
    "id": "TALOSBLOG:3CE3EFD6D6C12FCADA2BE088C9F13B22",
    "bulletinFamily": "blog",
    "cwe": null,
    "cvelist": [
        "CVE-2026-25713"
    ],
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 7.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://blog.talosintelligence.com/mediaarea-heap-based-buffer-overflow-vulnerabilities/",
    "category_name": "News",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

💭 Join the Security Discussion ❌ Cancel Reply