Cisco Talos: Four MediaInfoLib Heap Overflows Let Code Run
Cisco Talos disclosed four heap-based buffer overflows in MediaInfoLib 26.01 that allow arbitrary code execution when processing crafted media files; MediaArea has released patches.
Cisco Talos’ Vulnerability Discovery & Research team published advisories on May 27, 2026, disclosing four heap-based buffer overflow vulnerabilities in MediaInfoLib version 26.01. The issues were reported by Dimitrios Tatsis of Cisco Talos, and the fixes were coordinated with MediaArea, which has released patched versions of the library.
Talos assigned four advisories: TALOS-2026-2367 (CVE-2026-25104), TALOS-2026-2368 (CVE-2026-25713), TALOS-2026-2371 (CVE-2026-28764) and TALOS-2026-2374 (CVE-2026-22554). Each advisory describes a heap-based buffer overflow in a different part of the MediaInfoLib codebase. A specially crafted media file can trigger the overflows and may allow arbitrary code execution on systems that parse the file with an affected build of the library.
MediaInfoLib provides metadata extraction and a user interface for technical and tag data in audio and video files. The library is included in applications and processing workflows that open or analyze media files; if those applications use a vulnerable MediaInfoLib binary, they can be exposed when handling untrusted content.
Heap-based buffer overflows occur when code writes more data into a heap memory buffer than it can hold, which can corrupt memory and let an attacker change program control flow. When the overflow can be triggered by a crafted external file, the attacker may be able to run arbitrary code with the privileges of the process that parses the file.
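As an added illustration, not MediaInfoLib code and not taken from the Talos advisories, the pattern described above in a toy metadata-chunk parser: a length field read from the file drives a copy into a fixed-size heap buffer, shown unchecked beside a version that validates the length against both the bytes remaining in the input and the buffer's capacity. The chunk layout, function names and sample bytes are constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
/* Constructed example, not MediaInfoLib code: a toy "tag chunk" of the kind a
 * metadata parser reads: 4-byte ID, 4-byte little-endian payload length, then
 * the payload. The heap buffer receiving the payload has a fixed capacity. */
#define TAG_CAP 64

/* Constructed samples: ID "TITL", length 5, payload "hello"; then the same
 * bytes with the length field claiming 0x1000 bytes that are not present. */
static const uint8_t kGood[] = {'T','I','T','L', 5,0,0,0, 'h','e','l','l','o'};
static const uint8_t kBad[]  = {'T','I','T','L', 0,0x10,0,0, 'h','e','l','l','o'};

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Vulnerable pattern: the length from the file is trusted. A value above
 * TAG_CAP writes past the end of the heap buffer (heap-based overflow); a
 * value above the input size also reads past the input. Shown only for contrast. */
char *parse_tag_unchecked(const uint8_t *buf, size_t n) {
    if (n < 8) return NULL;
    uint32_t len = rd_le32(buf + 4);
    char *out = malloc(TAG_CAP);
    if (!out) return NULL;
    memcpy(out, buf + 8, len);           /* no bounds check */
    return out;
}

/* Hardened version: validate the length against the bytes that actually remain
 * in the input and against the destination capacity before copying anything.
 * Returns 0 on success, -1 on a malformed chunk (nothing is written then). */
int parse_tag_checked(const uint8_t *buf, size_t n, char *out, size_t cap, size_t *out_len) {
    if (n < 8) return -1;                /* header itself is truncated */
    uint32_t len = rd_le32(buf + 4);
    if (len > n - 8) return -1;          /* payload longer than the input; compare, never add */
    if (len >= cap) return -1;           /* would not fit (room kept for NUL) */
    memcpy(out, buf + 8, len);
    out[len] = '\0';
    if (out_len) *out_len = len;
    return 0;
}

int main(void) {
    char out[TAG_CAP]; size_t len = 0;
    printf("good -> %d\n", parse_tag_checked(kGood, sizeof kGood, out, sizeof out, &len));
    printf("bad  -> %d\n", parse_tag_checked(kBad, sizeof kBad, out, sizeof out, &len));
    return 0;
}
```

The two checks in `parse_tag_checked` are the ones a fuzzer-found overflow of this class is usually missing: the declared length must be bounded by the data actually present and by the destination, and the comparison form avoids integer wraparound in the check itself.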
Snort intrusion detection rule sets have been updated to detect attempts to exploit these specific vulnerabilities; the updated rules are available from Snort.org. Talos has posted the full vulnerability advisories and technical indicators on its Talos Intelligence site. MediaArea’s updates contain the patched releases that address the reported flaws.
Organizations that process untrusted media files with MediaInfoLib are advised to apply the vendor patches and to obtain the updated Snort rules if they use network intrusion detection. The advisories list affected versions and provide technical details for defenders.