CVE-2026-40386

MEDIUM

In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.

CVSS v3.1 Score

4.0

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

Attack Vector

LOCAL

Complexity

HIGH

Privileges

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

LOW

Published: 4/12/2026Modified: 4/14/2026

Related Intelligence (0)

No articles currently reference this CVE.

References (1)

https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34bPatch