Description
MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability
Published: 2026-05-21
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

MediaInfoLib from MediaArea includes a heap‑based buffer overflow in the parsing of the LXF element. This flaw can corrupt memory when a specially crafted media file is processed, potentially leading to arbitrary code execution or a denial‑of‑service crash. The description does not detail a confirmed exploitation path, but heap overflows in parsing libraries typically allow attackers to execute code or cause process termination if the vulnerable media file is opened by an application that uses the library.

Affected Systems

The vulnerability affects MediaArea’s MediaInfoLib library. No specific affected versions are listed, so all releases that contain the LXF parsing functionality are potentially vulnerable until a patch is issued. Users should consult MediaArea’s release notes or product documentation to verify whether their installed version includes the fix.

Risk and Exploitability

The CVSS score of 7.8 indicates high severity. Although the EPSS score is not available and the issue is not listed in the CISA KEV catalog, the potential for arbitrary code execution through improperly validated media files makes the risk significant. An attacker would most likely exploit this flaw by delivering a malicious media file to an application that uses the library. The lack of public exploit data suggests the CVE has not yet been widely leveraged, but the high CVSS score reflects the catastrophic impact of a successful exploit.

Generated by OpenCVE AI on May 21, 2026 at 11:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update MediaInfoLib to the latest patched version once MediaArea releases it.
  • If an update is unavailable, disable or remove the LXF element parsing feature, or restrict the library to only trusted media sources.
  • Employ hardening measures such as address‑space layout randomization (ASLR), stack canaries, and compiler sanitizers (address, bounds) when building applications that incorporate MediaInfoLib.


Advisories

No advisories yet.

History

Thu, 21 May 2026 19:30:00 +0000


Thu, 21 May 2026 12:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'} |


Thu, 21 May 2026 11:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Title | | Heap‑Based Buffer Overflow in MediaInfoLib LXF Element Parsing |

Thu, 21 May 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability |
| Weaknesses | | CWE-823 |
| References | | |
| Metrics | | cvssV3_1: {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'} |


MITRE

Status: PUBLISHED

Assigner: talos

Published:

Updated: 2026-05-21T17:41:28.747Z

Reserved: 2026-03-09T18:02:10.574Z

Link: CVE-2026-28764

Vulnrichment

Updated: 2026-05-21T17:41:28.747Z

NVD

Status: Awaiting Analysis

Published: 2026-05-21T10:16:25.090

Modified: 2026-05-21T19:16:52.123

Link: CVE-2026-28764

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-21T11:30:06Z

Weaknesses