CVE-2026-40385

NameCVE-2026-40385
DescriptionIn libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-4558-1
Debian Bugs1133922

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libexif (PTS)bullseye0.6.22-3vulnerable
bullseye (security)0.6.22-3+deb11u1fixed
bookworm0.6.24-1vulnerable
trixie0.6.25-1vulnerable
forky, sid0.6.26-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libexifsourcebullseye0.6.22-3+deb11u1DLA-4558-1
libexifsource(unstable)0.6.26-11133922

Notes

[trixie] - libexif <no-dsa> (Minor issue)
[bookworm] - libexif <no-dsa> (Minor issue)
Fixed by: https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58
Search for package or bug name: Reporting problems