Executive Summary

CVE-2026-32775 is a vulnerability in the libexif library related to improper handling of the maxlen parameter in functions that retrieve metadata values from camera MakerNotes. Specifically, if the maxlen parameter is zero, the code decrements it without validation, causing an integer underflow. This underflow results in maxlen wrapping to a very large value, leading to buffer overflow when memory operations use this incorrect length.

The flaw affects multiple functions for different camera manufacturers (Apple, Canon, Fuji, Olympus, Pentax) where the maxlen parameter is not checked to be at least 1 before use. This can cause the passed-in buffer to be overwritten due to the underflow.

The issue was fixed by adding explicit checks to ensure maxlen is at least 1 before proceeding, returning NULL otherwise, preventing the underflow and subsequent buffer overflow.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can lead to a heap-based buffer overflow when processing specially crafted JPEG images containing malicious MakerNote EXIF metadata. An attacker could exploit this to cause application crashes or potentially execute arbitrary code depending on the heap layout.

Because the flaw involves memory corruption, it poses a high severity risk, potentially compromising the security and stability of applications using the vulnerable libexif versions.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by analyzing the handling of the maxlen parameter in libexif functions that process MakerNote EXIF metadata, especially for Pentax, Apple, Canon, Fuji, Olympus, and Pentax camera manufacturers.

Detection can involve checking for crashes or abnormal behavior when processing JPEG images with crafted MakerNote metadata.

Static analysis tools or AddressSanitizer (ASAN) can be used to identify the integer underflow and buffer overflow issues in the vulnerable functions.

Specific commands are not provided in the resources, but you can use tools like:

• Static code analyzers (e.g., clang static analyzer, Coverity) to scan libexif source code for improper maxlen handling.
• AddressSanitizer (ASAN) to run applications using libexif and detect memory corruption or crashes triggered by crafted JPEG files.
• Fuzz testing tools to feed malformed JPEG images with crafted MakerNote data to applications using libexif and monitor for crashes.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation involves updating libexif to a version that includes the patch fixing the integer underflow in the maxlen parameter handling.

The patch adds explicit checks in the affected functions to ensure maxlen is at least 1 before proceeding, returning NULL otherwise, preventing underflow and buffer overflow.

If updating is not immediately possible, avoid processing untrusted or malicious JPEG images containing MakerNote metadata from Pentax, Apple, Canon, Fuji, Olympus, or Pentax cameras.

Additionally, consider applying runtime protections such as sandboxing or running image processing in isolated environments to limit potential impact.

Useful 0 Not Useful 0