CVE-2026-40385

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions libexif versions through 0.6.25

Description A flaw exists in libexif that involves an unsigned 32bit integer overflow when handling Nikon MakerNote data. This issue can lead to crashes or information leaks. The issue is limited to 32bit systems.

Recommendations Update to a version of libexif newer than 0.6.25.

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190

Related Identifiers

ALSA-2026:20929

CVE-2026-40385

JLSEC-2026-151

OESA-2026-1987

OPENSUSE-SU-2026:10717-1

Affected Products

Libexif

CVE-2026-40385

Weakness Enumeration

Related Identifiers

Affected Products

References · 27