Description
libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.
Published: 2026-03-16
Score: 7.4 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote code execution
Action: Immediate Patch
AI Analysis

Impact

The flaw resides in libexif's MakerNotes decoding routine. When the function exif_mnote_data_get_value is invoked with a buffer size of zero, an integer underflow occurs, causing memory to be written beyond the bounds of the supplied buffer. This buffer overrun can corrupt the process’s memory, potentially leading to arbitrary code execution or application crashes, depending on context. The weakness is identified as integer underflow (CWE‑191).

Affected Systems

The affected product is the libexif library released by the libexif project. All versions up to and including 0.6.25 contain the vulnerability. Applications that embed or link against these legacy releases should verify whether they use an affected version. Users of newer releases (0.6.26 and later) are not impacted.

Risk and Exploitability

The CVSS base score of 7.4 indicates high severity. The EPSS score of less than 1% and the absence from the CISA KEV catalog suggest that exploit activity is currently limited. The vulnerability is triggered when malicious EXIF data is processed by libexif, which could occur via local file handling or through network paths that deliver image files. The exact attack vector cannot be confirmed from the data, but it is inferred that an attacker could supply a crafted file that triggers the integer underflow, leading to memory corruption and potentially compromising the host system.

Generated by OpenCVE AI on April 12, 2026 at 19:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update libexif to version 0.6.26 or later to apply the patch that eliminates the integer underflow in MakerNotes decoding.
  • Rebuild or retarget the application to link against the updated library to ensure the fix is in effect.
  • If upgrading the library immediately is not feasible, consider temporarily disabling MakerNotes parsing or validating EXIF data from untrusted sources to prevent the overflow condition from being reached.
  • Consult the libexif issue tracker or security advisories for any additional mitigation guidance or updates.

Generated by OpenCVE AI on April 12, 2026 at 19:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4558-1 libexif security update
History

Sun, 12 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Libexif Project
Libexif Project libexif
CPEs cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*
Vendors & Products Libexif Project
Libexif Project libexif

Tue, 17 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 17 Mar 2026 10:00:00 +0000

Type Values Removed Values Added
First Time appeared Libexif
Libexif libexif
Vendors & Products Libexif
Libexif libexif

Tue, 17 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
Title libexif: libexif: Buffer overwrite via integer underflow in MakerNotes decoding
References
Metrics threat_severity

None

 threat_severity

Moderate

Mon, 16 Mar 2026 07:00:00 +0000

Type Values Removed Values Added
Description libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.
Weaknesses CWE-191
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Libexif Libexif
Libexif Project Libexif
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-12T18:23:28.578Z

Reserved: 2026-03-16T06:31:35.564Z

Link: CVE-2026-32775

cve-icon Vulnrichment

Updated: 2026-03-16T13:45:44.480Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:19:44.413

Modified: 2026-04-21T13:54:31.967

Link: CVE-2026-32775

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-03-16T06:31:36Z

Links: CVE-2026-32775 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T14:28:32Z

Weaknesses