CVE-2026-40334
Buffer Overflow in libgphoto2 ptp_unpack_Canon_FE Function
Publication date: 2026-04-18
Last updated on: 2026-04-18
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libgphoto2 | libgphoto2 | up to and including 2.5.33 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-170 | The product does not terminate or incorrectly terminates a string or array with a null character or equivalent terminator. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability exists in libgphoto2 versions up to and including 2.5.33. It is caused by a missing null terminator in the function ptp_unpack_Canon_FE() located in camlibs/ptp2/ptp-pack.c. Specifically, the function copies a filename into a 13-byte buffer using strncpy without explicitly adding a null terminator. If the source filename is exactly 13 bytes long and lacks a null terminator, the buffer remains unterminated. This can lead to out-of-bounds reads during subsequent string operations.
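The following C program is an added illustration of the pattern the answer describes; it is not libgphoto2's code and does not reproduce the upstream patch. It copies a constructed filename into a 13-byte buffer with strncpy, once in the weak form (bound equal to the buffer size, no explicit terminator) and once in a hardened form (bound of size minus one, terminator written explicitly), then checks whether the destination contains a NUL byte. The names FE_NAME_LEN, copy_name_weak, copy_name_hardened and copy_and_check are this example's own; the 13-byte size comes from the CVE text.

```c
#include <stdio.h>
#include <string.h>

/* Size of the destination buffer named in the CVE text (13 bytes). */
#define FE_NAME_LEN 13

/* Returns 1 if some byte in buf[0..len-1] is NUL, 0 otherwise. A later strlen()
 * or printf("%s") on a buffer with no NUL inside it reads past len. */
int buffer_is_terminated(const char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] == '\0')
            return 1;
    return 0;
}

/* Weak pattern (hypothetical re-creation, not libgphoto2's code): strncpy
 * copies at most n bytes and adds no terminator when the source has none
 * within those n bytes. */
void copy_name_weak(char dst[FE_NAME_LEN], const char *src)
{
    strncpy(dst, src, FE_NAME_LEN);
}

/* Hardened pattern: copy at most n-1 bytes, then write the terminator
 * yourself. A 13-byte name is truncated to 12 characters instead of being
 * left unterminated. This is one standard fix for the pattern, not a claim
 * about what the upstream commit did. */
void copy_name_hardened(char dst[FE_NAME_LEN], const char *src)
{
    strncpy(dst, src, FE_NAME_LEN - 1);
    dst[FE_NAME_LEN - 1] = '\0';
}

/* Build a constructed filename of name_len 'A' bytes (NUL-terminated in its
 * own, larger buffer), copy it into a 13-byte destination with the weak or
 * the hardened routine, and report whether the destination ended up
 * terminated. weak != 0 selects the weak copy. */
int copy_and_check(size_t name_len, int weak)
{
    char src[FE_NAME_LEN + 1];
    char dst[FE_NAME_LEN];

    if (name_len > FE_NAME_LEN)
        name_len = FE_NAME_LEN;
    memset(src, 'A', name_len);
    src[name_len] = '\0';
    memset(dst, 0x5A, sizeof dst);   /* poison so a missing NUL is visible */

    if (weak)
        copy_name_weak(dst, src);
    else
        copy_name_hardened(dst, src);

    return buffer_is_terminated(dst, sizeof dst);
}

int main(void)
{
    /* Only the exactly-13-byte case leaves the weak copy unterminated:
     * shorter names are padded with NUL bytes by strncpy itself. */
    size_t lens[] = { 8, 12, 13 };
    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++)
        printf("name_len=%2zu  weak terminated=%d  hardened terminated=%d\n",
               lens[i], copy_and_check(lens[i], 1), copy_and_check(lens[i], 0));
    return 0;
}
```

The run shows why the issue is easy to miss in testing: for names of 8 or 12 bytes strncpy pads the remainder with NUL bytes and both routines produce a terminated string, and only the 13-byte name leaves the weak copy without a terminator. A review check for this class of bug is therefore to look for every strncpy whose bound equals the destination size and confirm that a terminator is written afterwards, or that a bounded length function is used on the result.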
How can this vulnerability impact me?
The vulnerability can lead to out-of-bounds reads, which may cause information disclosure or application instability. According to the CVSS score (3.5), the impact includes limited confidentiality loss and some availability impact, but no integrity loss. The attack vector is physical (AV:P), meaning an attacker needs physical access to the vulnerable component, and the vulnerability does not require user interaction.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update libgphoto2 to a version later than 2.5.33 where the issue has been patched (commit 259fc7d3bfe534ce4b114c464f55b448670ab873).