Description
MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability
Published: 2026-05-26
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

MediaArea's MediaInfoLib contains a heap-based buffer overflow that occurs when parsing files in the LXF format. An attacker can supply a crafted LXF file that overflows a heap buffer, potentially leading to arbitrary code execution. This weakness, classified as CWE-191 (Integer Underflow), can compromise the confidentiality, integrity, and availability of systems that load malicious LXF files.

Affected Systems

The affected product is MediaArea MediaInfoLib. No version information is provided, so any installation that uses the LXF parsing component may be vulnerable until a patch becomes available.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.8, indicating high severity. The EPSS score is not available, and the vulnerability is not listed in CISA's KEV catalog. The CVSS vector (AV:L/AC:L/PR:N/UI:R) describes a local attack that needs no privileges but requires user interaction. The attack vector is inferred to be the processing of a malicious LXF file, introduced either through local file modification or external file injection into an application that processes LXF data. No public exploit has been disclosed as of the information provided.

Generated by OpenCVE AI on May 26, 2026 at 10:20 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Verify whether a newer version of MediaInfoLib that fixes the LXF buffer overflow has been released by MediaArea and plan to upgrade immediately.
  • If an upgrade is not yet feasible, restrict or disable the loading of LXF files from untrusted sources to prevent the vulnerable parser from being invoked.
  • Configure monitoring to alert on anomalous crashes or signs of heap corruption in applications that use MediaInfoLib.

Advisories

No advisories yet.

History

Tue, 26 May 2026 13:45:00 +0000


Tue, 26 May 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 26 May 2026 10:30:00 +0000

Type | Values Removed | Values Added
Title | | LXF Parsing Heap-Based Buffer Overflow in MediaInfoLib

Tue, 26 May 2026 09:00:00 +0000

Type | Values Removed | Values Added
Description | | MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability
Weaknesses | | CWE-191
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2026-05-26T12:27:52.219Z

Reserved: 2026-02-06T17:51:41.480Z

Link: CVE-2026-25104

Vulnrichment

Updated: 2026-05-26T09:08:20.382Z

NVD

Status: Received

Published: 2026-05-26T09:16:19.397

Modified: 2026-05-26T10:16:17.913

Link: CVE-2026-25104

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T10:30:03Z

Weaknesses