Talos: Four MediaInfoLib heap overflows allow code execution

Cisco Talos disclosed four heap-based buffer overflows in MediaInfoLib 26.01 that enable arbitrary code execution when a crafted media file is opened; MediaArea has patched the flaws.

On May 27, 2026, Cisco Talos’ Vulnerability Discovery & Research team published advisories describing four heap-based buffer overflow vulnerabilities in MediaArea’s MediaInfoLib version 26.01. The issues were discovered by researcher Dimitrios Tatsis and reported through Talos’ disclosure process.

Talos assigned internal advisory numbers TALOS-2026-2367, TALOS-2026-2368, TALOS-2026-2371 and TALOS-2026-2374 and mapped the findings to CVE-2026-25104, CVE-2026-25713, CVE-2026-28764 and CVE-2026-22554. Each vulnerability is a heap-based buffer overflow in different parts of the library that can be triggered by a specially crafted media file and can allow an attacker to execute arbitrary code on an affected system.

MediaInfoLib is the open-source library behind MediaArea's MediaInfo tools, which present technical and tagging metadata for audio and video files; MediaArea also produces related tools for digital media analysis and file investigation. Because the flaws sit in the library rather than the user interface, any application that links MediaInfoLib to inspect uploaded or ingested media inherits them until it is rebuilt against a patched release. Talos reported the overflows affect multiple functions within the 26.01 release and can be reached simply by opening a malicious media file; no user interaction beyond letting the library parse the file is required.
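The advisories describe the bug class only in general terms: a length read from the file drives a copy into a heap allocation. The following is an added illustration of that pattern in a toy chunk format, written for this page; it is not MediaInfoLib's code and the "META" chunk layout, the 64-byte buffer and the sample chunks are all constructed here. The vulnerable parser trusts the declared length; the hardened one checks it against both the bytes actually present (to prevent an over-read) and the destination size (to prevent an over-write) before copying.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy chunk layout, constructed for this example and unrelated to MediaInfoLib's
 * real parsers: 4 ASCII bytes of tag, 4-byte big-endian payload length, payload. */
#define TAG_BUF_SIZE 64   /* fixed-size heap buffer the parser copies a "META" payload into */

enum parse_status {
    PARSE_OK        =  0,
    PARSE_TRUNCATED = -1,   /* declared length exceeds bytes actually present */
    PARSE_TOO_LONG  = -2,   /* declared length exceeds destination buffer */
    PARSE_BAD_TAG   = -3,
    PARSE_NOMEM     = -4
};

static uint32_t read_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Vulnerable pattern (the bug class, not MediaInfoLib's code): the length field
 * from the file drives memcpy into a fixed 64-byte heap allocation. A chunk
 * declaring len >= 64 writes past the allocation; a chunk declaring more bytes
 * than the file holds reads past the input. Never call this on untrusted data. */
int parse_meta_vulnerable(const uint8_t *buf, size_t buflen, char *out, size_t outlen)
{
    if (buflen < 8 || memcmp(buf, "META", 4) != 0)
        return PARSE_BAD_TAG;
    uint32_t len = read_be32(buf + 4);
    char *tag = malloc(TAG_BUF_SIZE);
    if (!tag)
        return PARSE_NOMEM;
    memcpy(tag, buf + 8, len);          /* unchecked: heap overflow when len >= 64 */
    tag[len] = '\0';
    snprintf(out, outlen, "%s", tag);
    free(tag);
    return PARSE_OK;
}

/* Hardened form: both bounds are checked before any copy. The first check guards
 * the source (no over-read of the input); the second guards the destination and
 * reserves one byte for the terminator (no heap over-write). */
int parse_meta_hardened(const uint8_t *buf, size_t buflen, char *out, size_t outlen)
{
    if (buflen < 8 || memcmp(buf, "META", 4) != 0)
        return PARSE_BAD_TAG;
    uint32_t len = read_be32(buf + 4);
    if (len > buflen - 8)               /* buflen >= 8 here, so no underflow */
        return PARSE_TRUNCATED;
    if (len >= TAG_BUF_SIZE)
        return PARSE_TOO_LONG;
    char *tag = malloc(TAG_BUF_SIZE);
    if (!tag)
        return PARSE_NOMEM;
    memcpy(tag, buf + 8, len);
    tag[len] = '\0';
    snprintf(out, outlen, "%s", tag);
    free(tag);
    return PARSE_OK;
}

/* Builds a chunk into dst. declared_len goes into the header independently of
 * payload_len so that lying headers can be constructed. Returns bytes written. */
size_t build_chunk(uint8_t *dst, size_t dstlen, uint32_t declared_len,
                   const uint8_t *payload, size_t payload_len)
{
    if (dstlen < 8 + payload_len)
        return 0;
    memcpy(dst, "META", 4);
    dst[4] = (uint8_t)(declared_len >> 24); dst[5] = (uint8_t)(declared_len >> 16);
    dst[6] = (uint8_t)(declared_len >> 8);  dst[7] = (uint8_t)declared_len;
    memcpy(dst + 8, payload, payload_len);
    return 8 + payload_len;
}

/* Constructed samples: 0 = benign 5-byte payload; 1 = honest header but a 200-byte
 * payload, which overflows the 64-byte heap buffer in the vulnerable parser;
 * 2 = header declaring ~4 GiB over a 4-byte payload. Returns the parser's status.
 * Only sample 0 should ever be handed to the vulnerable parser. */
int parse_sample(int which, int hardened, char *out, size_t outlen)
{
    uint8_t chunk[300];
    uint8_t big[200];
    size_t n;
    memset(big, 'A', sizeof big);
    switch (which) {
    case 0:  n = build_chunk(chunk, sizeof chunk, 5, (const uint8_t *)"hello", 5); break;
    case 1:  n = build_chunk(chunk, sizeof chunk, (uint32_t)sizeof big, big, sizeof big); break;
    default: n = build_chunk(chunk, sizeof chunk, 0xFFFFFFF0u,
                             (const uint8_t *)"\x01\x02\x03\x04", 4); break;
    }
    return hardened ? parse_meta_hardened(chunk, n, out, outlen)
                    : parse_meta_vulnerable(chunk, n, out, outlen);
}

int main(void)
{
    char out[TAG_BUF_SIZE];
    printf("benign/hardened:    %d (%s)\n", parse_sample(0, 1, out, sizeof out), out);
    printf("benign/vulnerable:  %d (%s)\n", parse_sample(0, 0, out, sizeof out), out);
    printf("oversized/hardened: %d\n", parse_sample(1, 1, out, sizeof out));
    printf("lying/hardened:     %d\n", parse_sample(2, 1, out, sizeof out));
    return 0;
}
```

The two checks in the hardened parser are the whole fix for this bug class: the declared length must be bounded by what the input actually contains and by what the destination can hold, and the comparison must be done in a way that cannot wrap (here `buflen >= 8` is established before `buflen - 8` is computed). Fuzzing a parser with headers that lie about their payload length is the quickest way to find the places where one of the two checks is missing.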

MediaArea has issued patches addressing the reported flaws. Talos posted technical advisories with details and mitigation guidance. Users of the Snort intrusion detection system can download updated rule sets from Snort.org for detection coverage of exploit attempts.

Administrators are advised to update MediaInfoLib to the patched release, rebuild or update any software that bundles the library, and deploy updated intrusion detection rules to detect attempts to exploit these heap overflows. Any service that runs MediaInfoLib over files from untrusted sources (upload pipelines, transcoding queues, forensic triage of user media) should be treated as an untrusted-input boundary: signature scanning cannot be relied on to catch a novel crafted file, so parsing should run in an isolated, least-privileged process until the patched library is in place. Talos' advisories include indicators and detection signatures to help identify malicious input and remediate affected systems.
