CVE-2026-40385

EUVD-2026-21732
In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4 MEDIUM
LOCAL
HIGH
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
libexif_projectlibexif
𝑥
≤ 0.6.25
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libexif
bookworm
0.6.24-1+deb12u1
fixed
bullseye
vulnerable
bullseye (security)
0.6.22-3+deb11u1
fixed
forky
0.6.26-1
fixed
sid
0.6.26-1
fixed
trixie
0.6.25-1+deb13u1
fixed
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libexif-devel
suse enterprise desktop 15 SP7
0.6.22-150000.5.12.1
fixed
suse enterprise sap 15 SP7
0.6.22-150000.5.12.1
fixed
suse enterprise server 15 SP4
0.6.22-150000.5.12.1
fixed
suse enterprise server 15 SP7
0.6.22-150000.5.12.1
fixed
libexif12
suse enterprise desktop 15 SP7
0.6.22-150000.5.12.1
fixed
suse enterprise sap 15 SP7
0.6.22-150000.5.12.1
fixed
suse enterprise server 12 SP3
0.6.22-8.16.1
fixed
suse enterprise server 15 SP4
0.6.22-150000.5.12.1
fixed
suse enterprise server 15 SP7
0.6.22-150000.5.12.1
fixed
libexif12-32bit
suse enterprise server 12 SP3
0.6.22-8.16.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libexif
RHEL 8
0:0.6.22-6.el8_10
fixed
RHEL 9
0:0.6.22-6.el9_8.1
fixed
libexif-devel
RHEL 8
0:0.6.22-6.el8_10
fixed
RHEL 9
0:0.6.22-6.el9_8.1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
libexif
Azure Linux 3.0
0:0.6.24-3.azl3
fixed