PT-2026-33523 · Unknown · Libgphoto2

Published: 2026-04-17 · Updated: 2026-04-20 · CVE-2026-40333

CVSS v3.1: 6.1 (Medium)

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libgphoto2 versions prior to 2.5.34

Description

Two functions in camlibs/ptp2/ptp-pack.c accept a data pointer without a length parameter, leading to unbounded reads. The calling function ptp_unpack_EOS_events() possesses the xsize variable but fails to pass it, preventing the functions from validating reads against the buffer boundary.

Recommendations

Update to version 2.5.34 or later.
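
The pattern the description refers to, shown as an added example that is not libgphoto2 code: a helper that receives only a pointer, beside the same helper once the caller passes the remaining byte count. The record layout (a 32-bit count followed by 32-bit values), the function names and the sample bytes are constructed for illustration; only the name xsize comes from the advisory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Little-endian 32-bit read; the caller guarantees 4 readable bytes. */
static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* "Before" shape (hypothetical helper): only a pointer arrives, so the
 * count taken from the record cannot be checked against the buffer end. */
uint32_t sum_values_unbounded(const unsigned char *data) {
    uint32_t n = le32(data), sum = 0;
    for (uint32_t i = 0; i < n; i++)
        sum += le32(data + 4 + 4 * (size_t)i);  /* may read past the buffer */
    return sum;
}

/* "After" shape: the caller passes the bytes remaining (xsize) and each
 * read is validated first. Returns 0 on success, -1 on a short record. */
int sum_values_bounded(const unsigned char *data, size_t xsize,
                       uint32_t *out) {
    if (xsize < 4) return -1;            /* count field itself truncated */
    uint32_t n = le32(data);
    if (n > (xsize - 4) / 4) return -1;  /* count exceeds remaining bytes */
    uint32_t sum = 0;
    for (uint32_t i = 0; i < n; i++)
        sum += le32(data + 4 + 4 * (size_t)i);
    *out = sum;
    return 0;
}

/* Constructed sample records (not real PTP/EOS data). */
const unsigned char good_record[]  = { 2,0,0,0, 5,0,0,0, 7,0,0,0 };
const unsigned char lying_record[] = { 0xff,0xff,0xff,0x3f, 5,0,0,0 };

int main(void) {
    uint32_t s = 0;
    int rc = sum_values_bounded(good_record, sizeof good_record, &s);
    printf("good:  rc=%d sum=%u\n", rc, (unsigned)s);
    rc = sum_values_bounded(lying_record, sizeof lying_record, &s);
    printf("lying: rc=%d\n", rc);
    return 0;
}
```

The division form of the count check, n > (xsize - 4) / 4, avoids the integer overflow that 4 + 4 * n could hit on a 32-bit size_t.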

Fix

Weakness Enumeration: Out of bounds Read

Related Identifiers: CVE-2026-40333

Affected Products: Libgphoto2