Skip to main content

Red Hat EUVDEUVD-2026-21734

| CVE-2026-40386 MEDIUM
Integer Underflow (CWE-191)
2026-04-12 mitre GHSA-p6wp-hhx9-7jj5
4.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
4.0 MEDIUM
AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
SUSE
7.1 HIGH
AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Red Hat
4.0 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Attack Vector
Local
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
Low

Lifecycle Timeline

5
Patch released
Apr 19, 2026 - 08:30 nvd
Patch available
Analysis Generated
Apr 12, 2026 - 18:54 vuln.today
EUVD ID Assigned
Apr 12, 2026 - 18:45 euvd
EUVD-2026-21734
Analysis Generated
Apr 12, 2026 - 18:45 vuln.today
CVE Published
Apr 12, 2026 - 18:19 nvd
MEDIUM 4.0

DescriptionCVE.org

In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.

AnalysisAI

Integer underflow in libexif version 0.6.25 and earlier during Fuji and Olympus MakerNote decoding allows local attackers to crash applications or leak sensitive memory information. The vulnerability requires local access and specific user interaction (high complexity) but affects all applications linking libexif, creating a supply-chain exposure for image processing tools.

Technical ContextAI

libexif is a C library for parsing and manipulating EXIF metadata embedded in JPEG images. MakerNote fields are manufacturer-specific extensions that may contain proprietary camera settings and thumbnails. The integer underflow (CWE-191) occurs in size-validation logic when processing Fuji and Olympus MakerNote records-a signed or unsigned integer wraps around due to insufficient bounds checking, permitting out-of-bounds heap reads or writes. Affected versions include all libexif releases through 0.6.25; the vulnerability resides in the MakerNote parser module that handles variable-length binary data without robust overflow protection.

RemediationAI

Upgrade libexif to a version incorporating the upstream fix at commit dc6eac6e9655d14d0779d99e82d0f5f442d2f34b or later. Review the libexif release notes and GitHub repository (https://github.com/libexif/libexif) to confirm the exact patched version number, as the provided reference is a commit hash rather than a tagged release. Applications dependent on libexif should update their library dependencies and rebuild to incorporate the fix. Pending patched releases, apply strict input validation to reject EXIF data from untrusted sources or disable MakerNote parsing if not required for core functionality.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Module for Desktop Applications 15 SP7 Fixed
SUSE Linux Enterprise Module for Package Hub 15 SP7 Fixed
SUSE Linux Enterprise Server 15 SP7 Fixed

Share

EUVD-2026-21734 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy