Talos finds four heap overflows in MediaInfoLib 26.01
Cisco Talos disclosed four heap-based buffer overflows in MediaInfoLib 26.01 that can enable arbitrary code execution when a crafted media file is parsed; MediaArea released fixes.
Cisco Talos’ Vulnerability Discovery & Research team disclosed four heap-based buffer overflow vulnerabilities in MediaArea’s MediaInfoLib version 26.01 on May 27, 2026. The issues were discovered by researcher Dimitrios Tatsis and logged by Talos as TALOS-2026-2367, TALOS-2026-2368, TALOS-2026-2371 and TALOS-2026-2374, corresponding to CVE-2026-25104, CVE-2026-25713, CVE-2026-28764 and CVE-2026-22554.
Talos reports that each flaw is a heap-based buffer overflow in a different MediaInfoLib parsing routine. A vulnerable build that parses a specially crafted audio or video file can corrupt heap memory, and an attacker could use that corruption to execute arbitrary code in the context of the parsing application. The only requirement is to get a vulnerable application to parse a malicious media file, so exposure depends on whether an application built on MediaInfoLib processes untrusted files (uploads, email attachments, shared media, evidence images).
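As an added illustration of the bug class (this is not MediaInfoLib source and does not reproduce the specific defects Talos found; the advisories hold those details), the snippet below shows a minimal length-prefixed chunk reader of the kind media parsers contain. The unsafe reader trusts a size field taken from the file and copies that many bytes into a fixed heap allocation; the hardened reader checks the declared size against both the destination capacity and the bytes actually remaining in the input before copying. The chunk layout, the `CHUNK_CAP` constant, the function names and the sample byte strings are all constructed for this example.

```c
/*
 * Illustrative example added to this article, not MediaInfoLib code.
 * A toy chunk is a 4-byte big-endian declared size followed by payload.
 * CHUNK_CAP is an assumed fixed destination buffer size.
 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CHUNK_CAP 64u

/* Read a big-endian 32-bit value, as many container formats store sizes. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern: the attacker-controlled size field drives memcpy
 * into a CHUNK_CAP-byte heap allocation. A file declaring a size larger
 * than CHUNK_CAP overflows the heap chunk. Shown for contrast; never call
 * this on untrusted input. */
int read_chunk_unsafe(const uint8_t *in, size_t in_len, uint8_t **out) {
    if (in_len < 4) return -1;
    uint32_t size = be32(in);
    uint8_t *buf = malloc(CHUNK_CAP);
    if (!buf) return -1;
    memcpy(buf, in + 4, size);          /* BUG: no check that size <= CHUNK_CAP */
    *out = buf;
    return (int)size;
}

/* Hardened pattern: validate the declared length against the destination
 * capacity and against what the input actually holds before copying. */
int read_chunk_safe(const uint8_t *in, size_t in_len, uint8_t **out) {
    if (in_len < 4) return -1;
    uint32_t size = be32(in);
    if (size > CHUNK_CAP) return -2;            /* would overflow the destination */
    if ((size_t)size > in_len - 4) return -3;   /* would over-read the input */
    uint8_t *buf = malloc(CHUNK_CAP);
    if (!buf) return -1;
    memcpy(buf, in + 4, size);
    *out = buf;
    return (int)size;
}

/* How many bytes the unsafe reader would copy, computed without copying. */
size_t unsafe_copy_length(const uint8_t *in, size_t in_len) {
    return in_len < 4 ? 0 : (size_t)be32(in);
}

/* Constructed sample inputs (not real media files). */
static const uint8_t benign_chunk[] = {
    0x00, 0x00, 0x00, 0x08,                    /* declared size 8 */
    'M', 'e', 'd', 'i', 'a', 'I', 'n', 'f'     /* 8 payload bytes */
};
static const uint8_t oversized_chunk[] = {
    0x7F, 0xFF, 0xFF, 0xFF,                    /* declares ~2 GiB */
    0x41, 0x41, 0x41, 0x41
};
static const uint8_t truncated_chunk[] = {
    0x00, 0x00, 0x00, 0x20,                    /* declares 32 bytes */
    0x42, 0x42, 0x42, 0x42                     /* only 4 present */
};

/* Hardened reader on a well-formed chunk: returns 8 and the payload matches. */
int demo_benign(void) {
    uint8_t *buf = NULL;
    int n = read_chunk_safe(benign_chunk, sizeof benign_chunk, &buf);
    if (n < 0) return n;
    int ok = memcmp(buf, benign_chunk + 4, (size_t)n) == 0;
    free(buf);
    return ok ? n : -10;
}

/* Hardened reader rejects a declared size larger than the buffer (-2). */
int demo_oversized(void) {
    uint8_t *buf = NULL;
    return read_chunk_safe(oversized_chunk, sizeof oversized_chunk, &buf);
}

/* Hardened reader rejects a declared size larger than the input (-3). */
int demo_truncated(void) {
    uint8_t *buf = NULL;
    return read_chunk_safe(truncated_chunk, sizeof truncated_chunk, &buf);
}

/* The unsafe reader is fine on benign input, which is why such bugs ship. */
int demo_unsafe_benign(void) {
    uint8_t *buf = NULL;
    int n = read_chunk_unsafe(benign_chunk, sizeof benign_chunk, &buf);
    free(buf);
    return n;
}

int main(void) {
    printf("benign chunk parsed: %d bytes\n", demo_benign());
    printf("oversized declared size rejected: %d\n", demo_oversized());
    printf("truncated input rejected: %d\n", demo_truncated());
    printf("unsafe reader would memcpy %zu bytes into a %u-byte buffer\n",
           unsafe_copy_length(oversized_chunk, sizeof oversized_chunk), CHUNK_CAP);
    return 0;
}
```

The two checks in `read_chunk_safe` are independent: the first prevents the heap write past the allocation, the second prevents reading past the end of the mapped file. Fuzzing a parser with declared sizes of 0, the exact capacity, capacity + 1 and 0xFFFFFFFF is a quick way to find which of the two is missing.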
MediaArea issued patched releases to address the defects following Cisco’s third-party vulnerability disclosure process. Talos published advisories with technical details and guidance for detection and mitigation. Snort intrusion detection coverage is available to detect attempts to exploit the vulnerabilities; administrators can obtain the latest Snort rule sets from Snort.org.
MediaInfoLib is an open-source library used by applications to extract technical metadata and tag data from audio and video files. Because many media processing and forensics tools integrate the library, downstream applications that parse external media files may be affected even if they never expose MediaInfo directly. Users and software maintainers are advised to verify which MediaInfoLib versions are present in their deployments, including statically linked or vendored copies bundled inside other tools, update to the patched releases listed by MediaArea, and monitor network and host detection tools for signs of exploitation.