CVE-2026-40333
Received Received - Intake
Unbounded Read Vulnerability in libgphoto2 ptp-pack.c Functions

Publication date: 2026-04-18

Last updated on: 2026-04-18

Assigner: GitHub, Inc.

Description
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptp_unpack_EOS_events() have xsize available but never pass it, leaving both functions unable to validate reads against the actual buffer boundary. Commit 1817ecead20c2aafa7549dac9619fe38f47b2f53 patches the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-18
Last Modified
2026-04-18
Generated
2026-06-16
AI Q&A
2026-04-18
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40333
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
libgphoto2 libgphoto2 to 2.5.33 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

The vulnerability can lead to unbounded reads, which may cause a denial of service (application crash) or potentially expose sensitive information from memory. According to the CVSS score (6.1), the impact includes high confidentiality impact and high availability impact, meaning that confidential data could be exposed and the application could become unavailable.

Executive Summary

This vulnerability exists in libgphoto2, a camera access and control library, specifically in versions up to and including 2.5.33. Two functions in the file camlibs/ptp2/ptp-pack.c accept a data pointer but do not receive a length parameter, which causes them to perform unbounded reads. The callers of these functions in ptp_unpack_EOS_events() have the size information (xsize) available but do not pass it along, preventing the functions from validating the read operations against the actual buffer boundaries. This can lead to reading beyond the intended memory buffer.

Mitigation Strategies

To mitigate this vulnerability, update libgphoto2 to a version that includes the patch commit 1817ecead20c2aafa7549dac9619fe38f47b2f53 or later, which fixes the unbounded read issue.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40333. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart