Description
MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability
Published: 2026-05-26
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

MediaArea MediaInfoLib contains a heap buffer overflow in the ID3v2 tag parsing routine. The flaw allows an attacker to overflow a heap buffer, which can lead to arbitrary code execution and compromise the confidentiality, integrity, and availability of the affected system. The weakness is a heap-based buffer overflow (CWE‑122).

Affected Systems

This vulnerability affects the MediaArea MediaInfoLib library. Affected versions are not listed in the data, so any installation that uses the library may be at risk unless a patch has been applied.

Risk and Exploitability

The CVSS score of 7.8 gives the flaw a high severity rating. EPSS is not available, so the likelihood of exploitation cannot be quantified, but the lack of a KEV listing does not mean the vulnerability is benign. The likely attack vector is any scenario where the library parses media files supplied by an attacker or from an untrusted source. If the library is used in a media player or server that accepts input from the network, remote exploitation is possible; otherwise the risk is limited to local users who can supply malicious media.

Generated by OpenCVE AI on May 26, 2026 at 10:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an updated version of MediaInfoLib that contains the fix for the ID3v2 parsing overflow if one is available.
  • If no patch is available, avoid feeding untrusted media files to the library or strip ID3v2 tags before parsing; alternatively, disable the ID3v2 parsing feature if the application allows it.
  • Run the media processing component in a reduced‑privilege sandbox to limit the impact of any possible exploit.

Advisories

No advisories yet.

History

Tue, 26 May 2026 13:45:00 +0000


Tue, 26 May 2026 13:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Tue, 26 May 2026 10:30:00 +0000

Type | Values Removed | Values Added
Title | | Heap Buffer Overflow in MediaInfoLib ID3v2 Parsing

Tue, 26 May 2026 09:00:00 +0000

Type | Values Removed | Values Added
Description | | MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability
Weaknesses | | CWE-122
References | |
Metrics | | cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2026-05-26T12:29:47.325Z

Reserved: 2026-02-12T16:25:35.521Z

Link: CVE-2026-25713

Vulnrichment

Updated: 2026-05-26T09:08:22.909Z

NVD

Status: Received

Published: 2026-05-26T09:16:19.533

Modified: 2026-05-26T10:16:18.027

Link: CVE-2026-25713

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-26T10:30:03Z

Weaknesses