CVE-2026-40386 | THREATINT

Description

In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.

PUBLISHED Reserved 2026-04-12 | Published 2026-04-12 | Updated 2026-04-14 | Assigner mitre

MEDIUM: 4.0CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Problem types

CWE-191 Integer Underflow (Wrap or Wraparound)

Product status

Default status

unknown

Any version

affected

References

github.com/...ommit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b

cve.org (CVE-2026-40386)

nvd.nist.gov (CVE-2026-40386)

Download JSON