Description
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out-of-bounds read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known workarounds are available.
Published: 2026-04-17
Score: 3.5 Low
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch
AI Analysis

Impact

libgphoto2 contains a buffer over-read in the function ptp_unpack_EOS_FocusInfoEx that can be triggered by crafted data from an untrusted USB device. The library reads beyond allocated memory (CWE-125) and uses an invalid index into an array (CWE-126), causing a crash. This results in a denial-of-service condition for any application that relies on libgphoto2, and could destabilise the host system if the crash propagates.

Affected Systems

The vulnerability affects the open-source libgphoto2 camera access library, versions up to and including 2.5.33. Systems that use these versions to communicate with cameras over USB and receive data from potentially untrusted peripherals are at risk.

Risk and Exploitability

With a CVSS score of 3.5 the technical severity is low. The EPSS score is currently < 1% and the vulnerability is not listed in CISA's KEV catalog, so the likelihood of widespread exploitation is limited. The most likely attack vector is a local attacker who can connect a malicious USB device to a system running libgphoto2; from there the attacker can supply malformed packets to induce the over-read and force a crash. No attacker privileges beyond local USB access are required, and the flaw does not allow remote code execution.

Generated by OpenCVE AI on April 21, 2026 at 23:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade libgphoto2 to a version later than 2.5.33, applying the patch introduced in commit c385b34af260595dfbb5f9329526be5158985987.
  • Restrict the use of libgphoto2 to trusted USB devices or isolate its operation from untrusted peripherals until an update is available.
  • Monitor the official gphoto2 repository and security advisories for any additional mitigations or notices about this issue.

Advisories

No advisories yet.

History

Tue, 21 Apr 2026 00:15:00 +0000

Type         Values Removed             Values Added
Weaknesses                              CWE-125
References
Metrics      threat_severity: None      threat_severity: Moderate


Mon, 20 Apr 2026 17:15:00 +0000

Type         Values Removed             Values Added
Metrics                                 ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 20 Apr 2026 15:15:00 +0000

Type                  Values Removed    Values Added
First Time appeared                     Gphoto; Gphoto libgphoto2
Vendors & Products                      Gphoto; Gphoto libgphoto2

Sat, 18 Apr 2026 00:00:00 +0000

Type         Values Removed             Values Added
Description                             libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out-of-bounds read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known workarounds are available.
Title                                   libgphoto2 has an OOB Read in ptp_unpack_EOS_FocusInfoEx
Weaknesses                              CWE-126
References
Metrics                                 cvssV3_1: {'score': 3.5, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}


Subscriptions

Gphoto Libgphoto2
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-20T16:14:19.107Z

Reserved: 2026-04-10T22:50:01.358Z

Link: CVE-2026-40341

Vulnrichment

Updated: 2026-04-20T16:14:13.974Z

NVD

Status : Deferred

Published: 2026-04-18T00:16:38.220

Modified: 2026-04-20T19:00:52.467

Link: CVE-2026-40341

Redhat

Severity : Moderate

Public Date: 2026-04-17T23:48:36Z

Links: CVE-2026-40341 - Bugzilla

OpenCVE Enrichment

Updated: 2026-04-21T23:30:02Z

Weaknesses