CVE-2026-40385

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-40385
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-40385.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-40385
Downstream
Related
Published
2026-04-12T18:16:30.420Z
Modified
2026-06-18T14:57:06.138340Z
Severity
  • 4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator
Summary
[none]
Details

In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.

Database specific 
{
    "cna_assigner": "mitre",
    "cwe_ids": [
        "CWE-190"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40385.json"
}
References

Affected packages

Git / github.com/libexif/libexif

Affected ranges

Type
GIT
Repo
https://github.com/libexif/libexif
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
93003b93e50b3d259bd2227d8775b73a53c35d58
Database specific 
{
    "cpe": "cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.6.25"
        }
    ]
}

Affected versions

Other
cvs-migration
libexif-0_5_7-rc2
libexif-0_5_7-rc3
libexif-0_5_7-rc4
libexif-0_5_7-release
libexif-0_5_9-release
libexif-0_6_12-release
libexif-0_6_14-release
libexif-0_6_15-release
libexif-0_6_16-release
libexif-0_6_17-release
libexif-0_6_18-release
libexif-0_6_19-release
libexif-0_6_20-release
libexif-0_6_21-release
libexif-0_6_22-release
libexif-0_6_23-release
libexif-0_6_24-release
libexif-0_6_25-release
libexif-before-0_6_0-api-change
v0.*
v0.6.23
v0.6.24
v0.6.25

Database specific

vanir_signatures 
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "44364553068656902013241119499066941894",
                "84803690842731361292614978179914194703",
                "69302651060603491418130840016775313020"
            ]
        },
        "id": "CVE-2026-40385-063e98f7",
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58",
        "target": {
            "file": "libexif/olympus/exif-mnote-data-olympus.c"
        }
    },
    {
        "digest": {
            "function_hash": "124667694046732373236033063371576930238",
            "length": 6426.0
        },
        "id": "CVE-2026-40385-5b4f5524",
        "signature_type": "Function",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58",
        "target": {
            "file": "libexif/olympus/exif-mnote-data-olympus.c",
            "function": "exif_mnote_data_olympus_load"
        }
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-40385.json"
vanir_signatures_modified 
"2026-06-18T14:57:06Z"