CVE-2026-40334: CWE-170: Improper Null Termination in gphoto libgphoto2
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. If the source data is exactly 13 bytes with no null terminator, the buffer is left unterminated, leading to out-of-bounds reads in any subsequent string operation. Commit 259fc7d3bfe534ce4b114c464f55b448670ab873 patches the issue.
AI Analysis
Technical Summary
libgphoto2, a camera access and control library, contains a vulnerability (CVE-2026-40334) in versions up to 2.5.33 where the ptp_unpack_Canon_FE() function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the buffer. If the source filename is exactly 13 bytes without a null terminator, the buffer remains unterminated, causing out-of-bounds reads in subsequent string operations. This is classified as CWE-170 (Improper Null Termination). The issue is fixed by commit 259fc7d3bfe534ce4b114c464f55b448670ab873. The CVSS v3.1 base score is 3.5, indicating low severity, with the vector showing the attack requires physical access (AV:P), low complexity, no privileges or user interaction, and impacts confidentiality and availability slightly.
Potential Impact
The vulnerability can cause out-of-bounds reads when processing certain filenames, potentially leading to information disclosure or application instability. The impact is limited to confidentiality and availability with low severity. There are no reports of exploitation in the wild. The vulnerability requires physical access to the device using libgphoto2 and does not allow privilege escalation or code execution.
Mitigation Recommendations
A fix for this vulnerability has been committed in libgphoto2 (commit 259fc7d3bfe534ce4b114c464f55b448670ab873). Users should upgrade to a version of libgphoto2 that includes this patch. Since the vendor advisory or patch links are not explicitly provided, users should verify the patch availability in the official libgphoto2 repository or releases. No additional mitigations are indicated.
CVE-2026-40334: CWE-170: Improper Null Termination in gphoto libgphoto2
Description
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. If the source data is exactly 13 bytes with no null terminator, the buffer is left unterminated, leading to out-of-bounds reads in any subsequent string operation. Commit 259fc7d3bfe534ce4b114c464f55b448670ab873 patches the issue.
CVSS v3.1
Score 3.5low
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
libgphoto2, a camera access and control library, contains a vulnerability (CVE-2026-40334) in versions up to 2.5.33 where the ptp_unpack_Canon_FE() function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the buffer. If the source filename is exactly 13 bytes without a null terminator, the buffer remains unterminated, causing out-of-bounds reads in subsequent string operations. This is classified as CWE-170 (Improper Null Termination). The issue is fixed by commit 259fc7d3bfe534ce4b114c464f55b448670ab873. The CVSS v3.1 base score is 3.5, indicating low severity, with the vector showing the attack requires physical access (AV:P), low complexity, no privileges or user interaction, and impacts confidentiality and availability slightly.
Potential Impact
The vulnerability can cause out-of-bounds reads when processing certain filenames, potentially leading to information disclosure or application instability. The impact is limited to confidentiality and availability with low severity. There are no reports of exploitation in the wild. The vulnerability requires physical access to the device using libgphoto2 and does not allow privilege escalation or code execution.
Mitigation Recommendations
A fix for this vulnerability has been committed in libgphoto2 (commit 259fc7d3bfe534ce4b114c464f55b448670ab873). Users should upgrade to a version of libgphoto2 that includes this patch. Since the vendor advisory or patch links are not explicitly provided, users should verify the patch availability in the official libgphoto2 repository or releases. No additional mitigations are indicated.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-10T22:50:01.357Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e2c0dabdfbbecc599fc050
Added to database: 4/17/2026, 11:23:06 PM
Last enriched: 4/25/2026, 3:00:34 AM
Last updated: 6/1/2026, 1:55:27 PM
Views: 67
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.