CVE-2026-40335

MEDIUM
2026-04-18 [email protected]
Information Disclosure Buffer Overflow
5.2
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Attack Vector
Physical
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

1
Analysis Generated
Apr 18, 2026 - 00:39 vuln.today

DescriptionNVD

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptp_unpack_DPV() in camlibs/ptp2/ptp-pack.c (lines 622-629). The UINT128 and INT128 cases advance *offset += 16 without verifying that 16 bytes remain in the buffer. The entry check at line 609 only guarantees *offset < total (at least 1 byte available), leaving up to 15 bytes unvalidated. Commit 433bde9888d70aa726e32744cd751d7dbe94379a patches the issue.

AnalysisAI

Out-of-bounds read in libgphoto2 versions up to 2.5.33 in the PTP protocol parser allows information disclosure and potential denial of service when processing specially crafted camera responses. The vulnerability exists in ptp_unpack_DPV() where UINT128 and INT128 cases advance the buffer offset by 16 bytes without verifying sufficient buffer remains available, potentially exposing adjacent memory. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-40335 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy