CVE-2026-40386
HIGH 7.1 | EPSS 0.01% | Published: 4/12/2026 | Modified: 5/16/2026
Description
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
Affected packages (1)
- Debian/libexif: from 0, < 0.6.22-3+deb11u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.1 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H |