CVE-2026-40386

MEDIUM

In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.

CVSS v3.1 Score

4.0

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack Vector

LOCAL

Complexity

HIGH

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

LOW

Published: 4/12/2026Modified: 4/14/2026

Related Intelligence (2)

CRITICALZero Day

Patch Tuesday - April 2026

Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday . Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation. So far this month, Microsoft has provided patches to address 80 browser vulnerabilities, which are no

CVE-2026-32201CVE-2026-33825

Apr 14, 2026Rapid7

HIGHVulnerability

NVD HIGH: CVE-2026-40386 — In libexif through 0.6.25, an integer underflow in size checking for Fuji and Ol...

In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.

CVE-2026-40386

Apr 12, 2026NIST NVD

References (1)

https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34bPatch