Description
In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.
Published: 2026-04-12
Score: 4 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service or Information Leak
Action: Apply Patch
AI Analysis

Impact

An unsigned 32‑bit integer overflow exists in the Nikon MakerNote handling code of libexif versions up to 0.6.25. The overflow allows an adversary to manipulate a size field so that the library reads or writes past its intended bounds, potentially causing a crash or leaking data from memory. This weakness is classified as a numeric overflow (CWE‑190).

Affected Systems

All 32‑bit platforms that use libexif 0.6.25 or earlier are affected. Applications on 32‑bit Linux, Windows, or macOS that process JPEG, TIFF, or other images containing Nikon MakerNote metadata are at risk. 64‑bit builds are not impacted.

Risk and Exploitability

The CVSS score of 4.0 represents moderate severity, and the vulnerability is exploitable only by local attackers who can supply a crafted image file. Because no EPSS score is available and the issue is not listed in the CISA KEV catalog, it appears to be a low‑probability risk, but it can still cause denial of service or expose sensitive data. The likely attack vector is a local file that is parsed by libexif – this inference is drawn from the description of the vulnerability. Organizations should treat this as a fixable flaw that warrants a prompt update, especially in environments that handle untrusted image files.

Generated by OpenCVE AI on April 12, 2026 at 19:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade libexif to version 0.6.26 or later if available.
  • Restrict or sandbox local file processing that uses libexif to limit exposure.
  • Monitor the libexif project for releases and apply patches as soon as they appear.
  • Use 64‑bit platforms to avoid the vulnerability when practical.

Generated by OpenCVE AI on April 12, 2026 at 19:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4558-1 libexif security update
History

Tue, 14 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 13 Apr 2026 12:15:00 +0000

Type Values Removed Values Added
Title libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling
References
Metrics threat_severity

None

 threat_severity

Moderate

Sun, 12 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.
First Time appeared Libexif Project
Libexif Project libexif
Weaknesses CWE-190
CPEs cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*
Vendors & Products Libexif Project
Libexif Project libexif
References
Metrics cvssV3_1

{'score': 4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L'}

Subscriptions

Libexif Project Libexif
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-14T16:33:12.567Z

Reserved: 2026-04-12T18:16:29.829Z

Link: CVE-2026-40385

cve-icon Vulnrichment

Updated: 2026-04-14T15:18:46.319Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-12T19:16:20.480

Modified: 2026-04-14T20:15:39.990

Link: CVE-2026-40385

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-04-12T18:16:30Z

Links: CVE-2026-40385 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T12:54:05Z

Weaknesses