CVE-2026-40341

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp unpack EOS FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known workarounds are available.