CVE-2026-40340

MEDIUM
2026-04-18 [email protected]
6.1
CVSS 3.1
CVSS Vector (NVD)

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Attack Vector: Physical
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Apr 18, 2026 - 00:40 (vuln.today)

Description (NVD)

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in ptp_unpack_OI() in camlibs/ptp2/ptp-pack.c (lines 530-563). The function validates len < PTP_oi_SequenceNumber (i.e., len < 48) but subsequently accesses offsets 48-56, up to 9 bytes beyond the validated boundary, via the Samsung Galaxy 64-bit objectsize detection heuristic. Commit 7c7f515bc88c3d0c4098ac965d313518e0ccbe33 fixes the issue.
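
The length-check gap described above, as a simplified model added here (it is not libgphoto2's code and not the fix from the referenced commit). The function names, return codes and the probe at offset 52 are assumptions; the page itself gives only the minimum length of 48 and the highest accessed offset, 56.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OI_MIN_LEN 48u /* value the page gives for PTP_oi_SequenceNumber */
#define OI_PROBE_A 52u /* assumed probe offset (hypothetical) */
#define OI_PROBE_B 56u /* highest offset the page says is accessed */

/* Return codes (hypothetical): -1 reject, 0 32-bit layout, 1 64-bit layout. */

/* "Before": only the minimum length is validated, so for 48 <= len <= 56
 * the probe reads bytes the check never covered. */
int oi_probe_before(const uint8_t *d, size_t len)
{
    if (len < OI_MIN_LEN)
        return -1;
    return d[OI_PROBE_A] == 0 && d[OI_PROBE_B] != 0;
}

/* "After": the probe runs only when its highest offset is inside the buffer. */
int oi_probe_after(const uint8_t *d, size_t len)
{
    if (len < OI_MIN_LEN)
        return -1;
    if (len <= OI_PROBE_B)   /* offset 56 needs len >= 57 */
        return 0;            /* too short for the heuristic: skip it */
    return d[OI_PROBE_A] == 0 && d[OI_PROBE_B] != 0;
}

int main(void)
{
    uint8_t pkt[60] = {0};   /* constructed sample, not captured PTP data */
    pkt[OI_PROBE_B] = 5;

    /* Only the hardened form is called with the short lengths. */
    for (size_t len = 47; len <= 57; len += 5)
        printf("len=%zu -> %d\n", len, oi_probe_after(pkt, len));
    return 0;
}
```

A fuzz harness or unit test that feeds buffers of 48 to 56 bytes under AddressSanitizer is a direct way to confirm that a patched build no longer reads past the validated length.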

Analysis (AI)

An out-of-bounds read in libgphoto2 versions up to 2.5.33 allows local attackers with physical access to a USB-connected camera to trigger information disclosure or denial of service via malformed PTP protocol data during Samsung Galaxy device enumeration. The vulnerability is in ptp_unpack_OI(), which validates the buffer length against 48 bytes but subsequently reads offsets up to 56, up to 9 bytes beyond the validated boundary. …
