CVE-2026-22554
Description
MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Heap-based buffer overflow in MediaInfoLib's channel splitting allows arbitrary code execution via crafted .riff file.
Vulnerability
Overview
The vulnerability is a heap-based buffer overflow in the Channel Splitting functionality of MediaInfoLib (version 26.01). The flaw resides in the File_Riff::Parser_Pcm and File_ChannelSplitting::Read_Buffer_Continue methods. When parsing a RIFF audio file with more than 2 channels, bit depth ≤32, and sample rate exactly 48000, the library copies interleaved audio data into separate buffers without proper bounds checking, leading to a heap overflow [1].
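The description above boils down to one pattern: interleaved sample data is copied into per-channel buffers using sizes taken from the stream header rather than from the bytes actually available. The following C program is an added illustration of the defensive version of that routine; it is not MediaInfoLib's code and does not reproduce the affected functions. The function `split_channels`, the caps `MAX_CHANNELS` and `MAX_BYTES_PER_SAMPLE`, and the constructed 3-channel test data are all assumptions made for the example. The frame count is derived from the input length and the output capacity, so a header that declares more channels or more samples than the buffer holds cannot push a write past the end of a heap allocation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative PCM channel splitter with explicit bounds checks.
 * Added example code, not MediaInfoLib's implementation.
 * It de-interleaves frames of `channels` samples, each `bytes_per_sample`
 * wide, into one buffer per channel. The number of frames is derived from
 * the bytes actually present (in_len) and the capacity of the output
 * buffers (out_cap), never from header fields alone. */

#define MAX_CHANNELS         64  /* assumed cap for this example */
#define MAX_BYTES_PER_SAMPLE 4   /* bit depth <= 32, as in the advisory text */

/* Returns the number of whole frames split, or 0 if the input is rejected.
 * Each out[c] must point to at least out_cap bytes. */
size_t split_channels(const uint8_t *in, size_t in_len,
                      unsigned channels, unsigned bytes_per_sample,
                      uint8_t *const *out, size_t out_cap)
{
    if (in == NULL || out == NULL)
        return 0;
    if (channels == 0 || channels > MAX_CHANNELS)
        return 0;
    if (bytes_per_sample == 0 || bytes_per_sample > MAX_BYTES_PER_SAMPLE)
        return 0;
    for (unsigned c = 0; c < channels; c++)
        if (out[c] == NULL)
            return 0;

    /* The small caps above guarantee this product cannot overflow size_t. */
    size_t frame_bytes = (size_t)channels * bytes_per_sample;

    /* Whole frames available in the input; a trailing partial frame is dropped. */
    size_t frames = in_len / frame_bytes;

    /* Never write more per channel than the destination can hold. */
    size_t frames_fit = out_cap / bytes_per_sample;
    if (frames > frames_fit)
        frames = frames_fit;

    for (size_t f = 0; f < frames; f++) {
        const uint8_t *frame = in + f * frame_bytes;
        for (unsigned c = 0; c < channels; c++)
            memcpy(out[c] + f * bytes_per_sample,
                   frame + c * bytes_per_sample, bytes_per_sample);
    }
    return frames;
}

/* Self-check on constructed data: 3 channels, 16-bit samples, 4 frames.
 * The sample for frame f, channel c has value f*3+c, stored little-endian.
 * Returns 1 when every check passes, 0 otherwise. */
int selftest(void)
{
    uint8_t in[24];
    for (unsigned f = 0; f < 4; f++)
        for (unsigned c = 0; c < 3; c++) {
            in[(f * 3 + c) * 2]     = (uint8_t)(f * 3 + c);
            in[(f * 3 + c) * 2 + 1] = 0;
        }

    uint8_t ch0[8], ch1[8], ch2[8];
    uint8_t *out[3] = { ch0, ch1, ch2 };

    /* Exact fit: 4 frames land in each 8-byte channel buffer. */
    if (split_channels(in, sizeof in, 3, 2, out, sizeof ch0) != 4) return 0;
    for (unsigned f = 0; f < 4; f++)
        for (unsigned c = 0; c < 3; c++)
            if (out[c][f * 2] != f * 3 + c || out[c][f * 2 + 1] != 0) return 0;

    /* A header claiming 6 channels for the same 24 bytes: only 2 whole frames exist. */
    uint8_t ch3[8], ch4[8], ch5[8];
    uint8_t *out6[6] = { ch0, ch1, ch2, ch3, ch4, ch5 };
    if (split_channels(in, sizeof in, 6, 2, out6, sizeof ch0) != 2) return 0;

    /* Output buffers smaller than the input: the frame count is clamped to 2. */
    if (split_channels(in, sizeof in, 3, 2, out, 4) != 2) return 0;

    /* Out-of-range parameters are rejected outright. */
    if (split_channels(in, sizeof in, 0, 2, out, sizeof ch0) != 0) return 0;
    if (split_channels(in, sizeof in, 3, 5, out, sizeof ch0) != 0) return 0;

    return 1;
}

int main(void)
{
    int ok = selftest();
    printf("selftest: %s\n", ok ? "ok" : "FAILED");
    return ok ? 0 : 1;
}
```

The two checks that matter for a heap overflow of this shape are the division `in_len / frame_bytes` (the input, not the header, decides how many frames exist) and the clamp against `out_cap` (the destination, not the header, decides how many frames are written). A fuzzer feeding RIFF files with mismatched channel counts or truncated data chunks is the practical way to confirm a parser honours both.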
Exploitation
Exploitation requires an attacker to supply a specially crafted .riff file to a user or application using MediaInfoLib. No authentication is needed, but user interaction (opening the file) is required. The vulnerability is triggered during normal processing of the audio stream, making it a classic file-based attack vector. The CVSS v3.1 score is 7.8 (High) with vector AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating a local attack vector, low attack complexity, and high impact on confidentiality, integrity, and availability [1].
Impact
Successful exploitation allows an attacker to achieve arbitrary code execution in the context of the application using MediaInfoLib. This could lead to complete compromise of confidentiality, integrity, and availability of the affected system [1].
Mitigation
The vulnerability is reported by Cisco Talos and affects MediaInfoLib 26.01. Users should upgrade to a patched version beyond 26.01 as soon as available. If no patch is yet released, avoid processing untrusted RIFF files with MediaInfoLib until a fix is applied [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- 2 products listed (+1 more); no CPE identifiers recorded
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1 reference cited ([1])
News mentions
No linked articles in our index yet.