What is the CVSS score of EUVD-2026-21734?

EUVD-2026-21734 has a CVSS 3.1 base score of 4.0 (Medium). CVSS vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L. EPSS exploitation probability: 0.0%.

Is there a patch available for EUVD-2026-21734?

Yes, a patch is available for EUVD-2026-21734. Update the affected software to the latest version immediately.

Red Hat EUVD-2026-21734

| CVE-2026-40386 MEDIUM

Integer Underflow (CWE-191)

2026-04-12 mitre

GHSA-p6wp-hhx9-7jj5

Denial Of Service Integer Overflow Red Hat Suse

4.0

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

Low

Lifecycle Timeline

Patch released

Apr 19, 2026 - 08:30 nvd

Patch available

Analysis Generated

Apr 12, 2026 - 18:54 vuln.today

EUVD ID Assigned

Apr 12, 2026 - 18:45 euvd

EUVD-2026-21734

Analysis Generated

Apr 12, 2026 - 18:45 vuln.today

CVE Published

Apr 12, 2026 - 18:19 nvd

MEDIUM 4.0

DescriptionNVD

In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.

AnalysisAI

Integer underflow in libexif version 0.6.25 and earlier during Fuji and Olympus MakerNote decoding allows local attackers to crash applications or leak sensitive memory information. The vulnerability requires local access and specific user interaction (high complexity) but affects all applications linking libexif, creating a supply-chain exposure for image processing tools.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory