CVE-2026-40335
Out-of-Bounds Read in libgphoto2 ptp_unpack_DPV Function
Publication date: 2026-04-18
Last updated on: 2026-04-18
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libgphoto2 | libgphoto2 | to 2.5.33 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in libgphoto2, a camera access and control library, in versions up to and including 2.5.33. It is an out-of-bounds read issue in the function ptp_unpack_DPV() located in camlibs/ptp2/ptp-pack.c. Specifically, when handling UINT128 and INT128 data types, the code advances the offset by 16 bytes without verifying that 16 bytes remain in the buffer. The initial check only ensures that at least 1 byte is available, which can leave up to 15 bytes unvalidated, potentially causing the program to read beyond the buffer boundary.
How can this vulnerability impact me? :
The vulnerability can lead to an out-of-bounds read, which may cause a partial denial of service (application crash) or expose sensitive information from adjacent memory. According to the CVSS score (5.2), the impact includes high confidentiality impact and low availability impact, with no integrity impact.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update libgphoto2 to a version later than 2.5.33 where the issue has been patched (commit 433bde9888d70aa726e32744cd751d7dbe94379a).