MediaArea heap-based buffer overflow vulnerabilities
Cisco Talos disclosed four heap-based buffer overflow vulnerabilities (CVE-2026-25104, CVE-2026-25713, CVE-2026-28764, CVE-2026-22554) in MediaArea’s MediaInfoLib version 26.01, a widely-used open-source library for parsing technical metadata from video and audio files. All four flaws can be triggered by supplying a malicious media file, leading to arbitrary code execution. The vulnerabilities were discovered by Dimitrios Tatsis and have since been patched by the vendor. Snort detection rules are available via Snort.org for coverage against exploitation attempts.
This post is licensed under CC BY 4.0 by the author.