PT-2026-33538 · Unknown · Libgphoto2

Published 2026-04-17 · Updated 2026-04-25 · CVE-2026-40340

CVSS v3.1: 6.1 Medium

Vector: AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions

libgphoto2 versions prior to 2.5.34

Description

An out-of-bounds read exists in the ptp_unpack_OI() function within camlibs/ptp2/ptp-pack.c. The function checks the len variable against PTP_oi_SequenceNumber (48), but it subsequently accesses offsets 48 through 56, reading up to 9 bytes beyond the validated boundary via the Samsung Galaxy 64-bit objectsize detection heuristic.

Recommendations

Update to a version later than 2.5.33.
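
An added illustration of the bounds check this description calls for (not libgphoto2's code): a probe that touches offsets 48 through 56 must require more than 56 bytes, not 48. The function names, the stand-in heuristic, and the assumption that the existing check rejects buffers shorter than 48 bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define OI_CHECKED_LEN 48u /* PTP_oi_SequenceNumber: the bound the advisory says is checked */
#define OI_PROBE_LAST  56u /* highest offset the advisory says the heuristic accesses */

/* Bytes that a probe of offsets 48..56 reads past a buffer of `len` bytes
 * which passed only the check against 48 (assumed to reject len < 48).
 * 0 means the probe stays in bounds or never runs. */
size_t probe_overread(size_t len)
{
    if (len < OI_CHECKED_LEN)
        return 0;                        /* rejected before the probe runs */
    return len > OI_PROBE_LAST ? 0 : OI_PROBE_LAST + 1u - len;
}

/* Hardened probe: returns 1 if the stand-in heuristic fires, 0 if it does
 * not, and -1 if the buffer is too short to inspect offsets 48..56. */
int probe_64bit_size(const uint8_t *data, size_t len)
{
    if (data == NULL || len <= OI_PROBE_LAST)
        return -1;                       /* bound covers the highest offset used */
    /* Stand-in heuristic (assumed for illustration): zero byte at offset 52
     * and nonzero byte at offset 56. */
    return data[52] == 0 && data[OI_PROBE_LAST] != 0;
}

int main(void)
{
    uint8_t pkt[57];                     /* constructed sample, not a real capture */
    memset(pkt, 0, sizeof pkt);
    pkt[56] = 1;

    /* A 48-byte packet passes the weak check yet leaves 9 bytes unbacked. */
    if (probe_overread(48) != 9) return 1;
    /* The hardened probe refuses the same short length. */
    if (probe_64bit_size(pkt, 48) != -1) return 1;
    /* With all 57 bytes present, the probe runs and stays in bounds. */
    if (probe_64bit_size(pkt, sizeof pkt) != 1) return 1;
    return 0;
}
```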

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2026-40340
OESA-2026-2067
OESA-2026-2068
OESA-2026-2069
OESA-2026-2070
OESA-2026-2071

Affected Products

Libgphoto2