Cisco Talos disclosed four heap-based buffer overflow vulnerabilities in the MediaArea MediaInfoLib library affecting version 26.01. The flaws, tracked as CVE-2026-25104, CVE-2026-25713, CVE-2026-28764, and CVE-2026-22554, were discovered by Dimitrios Tatsis and mapped by Talos to TALOS-2026-2367, TALOS-2026-2368, TALOS-2026-2371, and TALOS-2026-2374.
Talos said the vulnerabilities can be triggered when an attacker supplies a specially crafted media file, potentially leading to arbitrary code execution in affected environments. MediaArea has patched the issues under Cisco’s third-party vulnerability disclosure process, and Talos said updated Snort rule sets are available to help defenders detect exploitation attempts targeting the library.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
5 events from the most recent confirmed update back to the earliest known activity.
The vendor patched the four MediaInfoLib vulnerabilities under Cisco's third-party vulnerability disclosure policy. Talos also said Snort coverage is available to help detect exploitation attempts.
Cisco Talos disclosed four heap-based buffer overflow vulnerabilities affecting MediaArea MediaInfoLib version 26.01. The flaws, discovered by Dimitrios Tatsis, can be triggered with a malicious media file and may lead to arbitrary code execution.
Cisco Talos publicly released details of a heap-based buffer overflow in MediaInfoLib 26.01's Channel Splitting functionality when parsing specially crafted RIFF audio files. Talos said the flaw, originally reported to the vendor on 2026-03-25 and patched on 2026-05-12, could lead to out-of-bounds heap writes and possible arbitrary code execution.
MediaArea released a patch for the MediaInfoLib 26.01 heap-based buffer overflow in LXF element parsing that Talos had previously reported. The flaw could be triggered with a crafted .lxf file and may lead to arbitrary code execution.
Cisco Talos contacted MediaArea on 2026-03-25 to disclose a heap-based buffer overflow vulnerability in MediaInfoLib 26.01's LXF parsing functionality. The issue could be triggered with a crafted .lxf file and may lead to arbitrary code execution.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
6 references tracked. Mallory keeps watching after this page renders.
malware.news
Open sourceblog.talosintelligence.com
Open sourcetalosintelligence.com
Open sourcetalosintelligence.com
Open sourcetalosintelligence.com
Open sourcetalosintelligence.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.