CVE-2026-40333
Unbounded Read Vulnerability in libgphoto2 ptp-pack.c Functions
Publication date: 2026-04-18
Last updated on: 2026-04-18
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libgphoto2 | libgphoto2 | up to and including 2.5.33 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
AI Powered Q&A
How can this vulnerability impact me?
The vulnerability allows unbounded reads, which may cause a denial of service (application crash) or expose sensitive data from process memory. According to the CVSS score (6.1), both the confidentiality and availability impact are rated high, meaning that confidential data could be disclosed and the application could become unavailable.
Can you explain this vulnerability to me?
This vulnerability exists in libgphoto2, a camera access and control library, in versions up to and including 2.5.33. Two functions in the file camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, so they have no way to bound their reads. Their callers in ptp_unpack_EOS_events() have the buffer size (xsize) available but do not pass it down, so the functions cannot validate each read against the actual end of the buffer. A truncated or malformed event payload can therefore cause reads beyond the intended memory buffer.
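The defect described above is a common pattern: an unpack routine that takes only a pointer cannot know where the buffer ends, so the fix is to thread the caller's remaining size through and check every field against it. The following added example (not libgphoto2 code; the record layout, the function names and the sample bytes are all hypothetical and constructed here) shows the hardened shape: the caller passes its remaining length (the analogue of xsize) on every call, the callee refuses any header or payload that does not fit, and the walker stops at the first truncated record instead of reading past the end.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical little-endian record: u16 type, u16 payload_len, then payload.
 * This layout is an assumption for the example, not the PTP event format. */
typedef struct {
    uint16_t type;
    uint16_t len;
    const unsigned char *payload;
} rec_t;

static uint16_t le16(const unsigned char *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Unpack one record. `size` is the number of bytes still readable from `data`
 * (the caller's remaining buffer length). Returns the bytes consumed, or 0 if
 * the record does not fit entirely within `size`. */
size_t unpack_record(const unsigned char *data, size_t size, rec_t *out)
{
    if (data == NULL || out == NULL)
        return 0;
    if (size < 4)                 /* the fixed header must fit first */
        return 0;
    uint16_t type = le16(data);
    uint16_t len  = le16(data + 2);
    if (len > size - 4)           /* payload must fit; size >= 4 so no underflow */
        return 0;
    out->type = type;
    out->len = len;
    out->payload = data + 4;
    return 4 + (size_t)len;
}

/* Walk every record in a buffer, shrinking the size passed down on each step.
 * Stops at the first record that would extend past the end of the buffer. */
size_t count_records(const unsigned char *data, size_t size)
{
    size_t count = 0, off = 0;
    rec_t r;
    while (off < size) {
        size_t used = unpack_record(data + off, size - off, &r);
        if (used == 0)            /* truncated or malformed: stop, do not read on */
            break;
        off += used;
        count++;
    }
    return count;
}

/* Constructed sample: two complete records followed by one whose declared
 * payload length (16) exceeds the single byte that actually remains. */
static const unsigned char sample[] = {
    0x01, 0x00, 0x02, 0x00, 0xAA, 0xBB,   /* type 1, len 2 */
    0x02, 0x00, 0x00, 0x00,               /* type 2, len 0 */
    0x03, 0x00, 0x10, 0x00, 0xCC          /* type 3, claims len 16, 1 byte left */
};
const size_t sample_len = sizeof sample;

int main(void)
{
    printf("%zu complete records\n", count_records(sample, sample_len));
    return 0;
}
```

Without the `size` parameter, the third record would make the unpacker read 15 bytes beyond `sample`; with it, the walker reports two complete records and stops. When reviewing a fix for this class of bug, check that the length is passed at every call site and that each field check happens before the field is read, not after.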
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update libgphoto2 to a version that includes patch commit 1817ecead20c2aafa7549dac9619fe38f47b2f53 or later, which passes the buffer size to the affected unpack functions and fixes the unbounded read.