CVE-2026-40385

MEDIUM CVSS 4.0 View on NVD ↗

Description

In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

References

https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58

Published: Apr 12, 2026 19:16 UTC Modified: Apr 13, 2026 15:01 UTC