CVE-2026-40385

MEDIUM

In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.

CVSS v3.1 Score

4.0

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack Vector

LOCAL

Complexity

HIGH

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

LOW

Published: 4/12/2026Modified: 4/14/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (1)

https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58Patch