CVE-2026-40385
MEDIUM
Libexif < 0.6.25 - Information Disclosure
In libexif through 0.6.25, an unsigned 32-bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32-bit systems.
Scores
CVSS v3
4.0
EPSS
0.0001
EPSS Percentile
2.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Details
CWE
CWE-190
Status
published
Products (2)
libexif project/libexif
< 0.6.25
libexif_project/libexif
< 0.6.25
Published
Apr 12, 2026
Tracked Since
Apr 13, 2026