libgphoto2 versions up to 2.5.33 leak memory in the Sony camera property descriptor parser when processing secondary enumeration lists from 2024+ Sony cameras, causing denial of service through resource exhaustion on systems with repeated camera enumeration or property descriptor parsing. The vulnerability requires physical access to a Sony camera or crafted USB device communication, affecting users who interact with affected Sony camera models via libgphoto2. Vendor-released patch: version 2.5.34 and later.
Information Disclosure
NVD
GitHub
VulDB
CVSS 3.1
2.4
EPSS
0.0%
Prev
Page 2 of 2