CVE-2026-40386
- Source
- https://cve.org/CVERecord?id=CVE-2026-40386
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-40386.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2026-40386
- Downstream
- Related
- Published
- 2026-04-12T18:19:08.684Z
- Modified
- 2026-06-18T03:57:34.542046631Z
- Severity
-
- 4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVSS Calculator
- Summary
- [none]
- Details
-
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
- Database specific
{ "cwe_ids": [ "CWE-191" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40386.json", "cna_assigner": "mitre" }- References
Affected packages
Git / github.com/libexif/libexif
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libexif/libexif
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Database specific
{ "extracted_events": [ { "introduced": "0" }, { "last_affected": "0.6.25" } ], "source": [ "CPE_RANGE", "REFERENCES" ], "cpe": "cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*" }
Affected versions
Other
cvs-migration
libexif-0_5_7-rc2
libexif-0_5_7-rc3
libexif-0_5_7-rc4
libexif-0_5_7-release
libexif-0_5_9-release
libexif-0_6_12-release
libexif-0_6_14-release
libexif-0_6_15-release
libexif-0_6_16-release
libexif-0_6_17-release
libexif-0_6_18-release
libexif-0_6_19-release
libexif-0_6_20-release
libexif-0_6_21-release
libexif-0_6_22-release
libexif-0_6_23-release
libexif-0_6_24-release
libexif-0_6_25-release
libexif-before-0_6_0-api-change
v0.*
v0.6.23
v0.6.24
v0.6.25