Impact
The vulnerability is a heap-based buffer overflow in the MediaArea MediaInfoLib component that handles channel splitting. The flaw allows corruption of the heap when parsing a crafted media file, potentially leading to arbitrary code execution or memory corruption during file evaluation. The weakness is identified as CWE-122, indicating a bounds‑check failure that can result in out‑of‑bounds writes.
Affected Systems
The affected product is MediaInfoLib from MediaArea. The advisory does not list specific release versions; we infer that any build containing the unpatched channel-splitting routine could be vulnerable. Applications that embed MediaInfoLib, such as media players, editors, or transcoding tools, may also be impacted, as they typically parse media files that could trigger the overflow.
Risk and Exploitability
The CVSS score of 7.8 reflects significant impact and a moderate likelihood of exploitation. EPSS is not available, and the issue is not listed in the KEV catalog, suggesting that publicly known exploit code may not yet be widespread. The likely attack vector is a locally crafted media file that is parsed by the vulnerable library; based on the description, we infer that if the library is exposed to untrusted input, remote exploitation may be possible through applications that load such files. No official patch or workaround is listed, so the reliable mitigation is to upgrade to a version that resolves the channel‑splitting buffer overflow.