CVE-2026-40334: CWE-170: Improper Null Termination in gphoto libgphoto2
CVE-2026-40334 is a low-severity vulnerability in libgphoto2 versions up to 2. 5. 33 involving improper null termination in the function ptp_unpack_Canon_FE(). The issue arises because strncpy is used to copy a filename into a fixed-size buffer without explicitly adding a null terminator if the source string is exactly the buffer size. This can lead to out-of-bounds reads during subsequent string operations. The vulnerability has been patched in a later commit (259fc7d3bfe534ce4b114c464f55b448670ab873).
AI Analysis
Technical Summary
libgphoto2, a camera access and control library, contains a vulnerability (CVE-2026-40334) in versions up to 2.5.33 where the ptp_unpack_Canon_FE() function copies a filename into a 13-byte buffer using strncpy without ensuring null termination. If the source filename is exactly 13 bytes without a null terminator, the buffer remains unterminated, causing out-of-bounds reads in subsequent string operations. This is classified as CWE-170 (Improper Null Termination). The issue was fixed in commit 259fc7d3bfe534ce4b114c464f55b448670ab873.
Potential Impact
The vulnerability can cause out-of-bounds reads, potentially leading to information disclosure or application instability. The CVSS score is 3.5 (low severity), indicating limited impact with no known exploits in the wild. The vulnerability does not affect confidentiality, integrity, or availability beyond minor information disclosure and limited availability impact.
Mitigation Recommendations
A fix for this vulnerability is available in the libgphoto2 source code as of commit 259fc7d3bfe534ce4b114c464f55b448670ab873. Users should upgrade to a version including this patch or apply the patch manually. Since this is not a cloud service, remediation depends on user action. Patch status is not explicitly confirmed in vendor advisories, so users should verify the presence of the fix in their version.
CVE-2026-40334: CWE-170: Improper Null Termination in gphoto libgphoto2
Description
CVE-2026-40334 is a low-severity vulnerability in libgphoto2 versions up to 2. 5. 33 involving improper null termination in the function ptp_unpack_Canon_FE(). The issue arises because strncpy is used to copy a filename into a fixed-size buffer without explicitly adding a null terminator if the source string is exactly the buffer size. This can lead to out-of-bounds reads during subsequent string operations. The vulnerability has been patched in a later commit (259fc7d3bfe534ce4b114c464f55b448670ab873).
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
libgphoto2, a camera access and control library, contains a vulnerability (CVE-2026-40334) in versions up to 2.5.33 where the ptp_unpack_Canon_FE() function copies a filename into a 13-byte buffer using strncpy without ensuring null termination. If the source filename is exactly 13 bytes without a null terminator, the buffer remains unterminated, causing out-of-bounds reads in subsequent string operations. This is classified as CWE-170 (Improper Null Termination). The issue was fixed in commit 259fc7d3bfe534ce4b114c464f55b448670ab873.
Potential Impact
The vulnerability can cause out-of-bounds reads, potentially leading to information disclosure or application instability. The CVSS score is 3.5 (low severity), indicating limited impact with no known exploits in the wild. The vulnerability does not affect confidentiality, integrity, or availability beyond minor information disclosure and limited availability impact.
Mitigation Recommendations
A fix for this vulnerability is available in the libgphoto2 source code as of commit 259fc7d3bfe534ce4b114c464f55b448670ab873. Users should upgrade to a version including this patch or apply the patch manually. Since this is not a cloud service, remediation depends on user action. Patch status is not explicitly confirmed in vendor advisories, so users should verify the presence of the fix in their version.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-10T22:50:01.357Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e2c0dabdfbbecc599fc050
Added to database: 4/17/2026, 11:23:06 PM
Last enriched: 4/17/2026, 11:38:33 PM
Last updated: 4/18/2026, 6:57:58 AM
Views: 12
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.