Skip to main content
CVE-2026-40336 LOW Monitor

libgphoto2 versions up to 2.5.33 leak memory in the Sony camera property descriptor parser when processing secondary enumeration lists from 2024+ Sony cameras, causing denial of service through resource exhaustion on systems with repeated camera enumeration or property descriptor parsing. The vulnerability requires physical access to a Sony camera or crafted USB device communication, affecting users who interact with affected Sony camera models via libgphoto2. Vendor-released patch: version 2.5.34 and later.

Information Disclosure
NVD GitHub VulDB
CVSS 3.1
2.4
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy