A heap buffer overflow vulnerability exists in MediaArea MediaInfoLib's ID3v2 parsing functionality. The flaw, assigned CVSS 3.1 score 7.8 (HIGH), allows local attackers to achieve high-impact confidentiality, integrity, and availability compromises through user-assisted attack vectors. The vulnerability stems from improper heap-based buffer handling (CWE-122) during ID3v2 metadata parsing operations. As [truncated]
A heap-based buffer overflow vulnerability exists in MediaArea MediaInfoLib's LXF (Leitch Video Format) parsing functionality. The flaw, assigned CWE-191 (Integer Underflow), can be triggered when processing malformed LXF files, potentially leading to arbitrary code execution. The vulnerability carries a CVSS 3.1 score of 7.8 (HIGH severity) with a local attack vector requiring user interaction. Cisco Tal [truncated]
CVE-2026-28764 describes a heap-based buffer overflow in MediaArea MediaInfoLib’s LXF element parsing path. The supplied CVSS vector rates it HIGH with local access and user interaction required, and the impact is recorded as high across confidentiality, integrity, and availability.
CVE-2026-22554 is a high-severity heap-based buffer overflow in MediaArea MediaInfoLib’s channel splitting logic. The official NVD record cites a Talos CNA report and assigns a 7.8 CVSS score, with local access and user interaction required. Organizations that embed or ship MediaInfoLib should confirm whether they rely on affected builds and prioritize updates or compensating controls once vendor guidance [truncated]