CVE-2026-40335: CWE-125: Out-of-bounds Read in gphoto libgphoto2
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_DPV()` in `camlibs/ptp2/ptp-pack.c` (lines 622–629). The UINT128 and INT128 cases advance `*offset += 16` without verifying that 16 bytes remain in the buffer. The entry check at line 609 only guarantees `*offset < total` (at least 1 byte available), leaving up to 15 bytes unvalidated. Commit 433bde9888d70aa726e32744cd751d7dbe94379a patches the issue.
AI Analysis
Technical Summary
libgphoto2, a camera access and control library, contains an out-of-bounds read vulnerability in the ptp_unpack_DPV() function within camlibs/ptp2/ptp-pack.c. Specifically, when handling UINT128 and INT128 data types, the function increments the buffer offset by 16 bytes without confirming that 16 bytes are available, only checking that at least 1 byte remains. This leads to reading up to 15 bytes beyond the buffer boundary. The vulnerability affects versions up to 2.5.33 and is fixed by commit 433bde9888d70aa726e32744cd751d7dbe94379a. The CVSS 3.1 base score is 5.2, indicating medium severity, with an attack vector requiring physical access and no privileges or user interaction needed.
Potential Impact
The out-of-bounds read can cause disclosure of memory contents beyond the intended buffer, potentially leaking sensitive information. The vulnerability does not allow code execution or integrity modification but may impact confidentiality. The attack requires physical access to the device using libgphoto2. There are no known exploits in the wild at this time.
Mitigation Recommendations
A fix for this vulnerability is available in libgphoto2 via commit 433bde9888d70aa726e32744cd751d7dbe94379a. Users and administrators should upgrade to a version of libgphoto2 that includes this patch. Since the vendor advisory or patch links are not explicitly provided, verify the patch availability from the official gphoto project repository or releases. Patch status is not yet confirmed in the provided data; check the vendor advisory for current remediation guidance.
CVE-2026-40335: CWE-125: Out-of-bounds Read in gphoto libgphoto2
Description
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_DPV()` in `camlibs/ptp2/ptp-pack.c` (lines 622–629). The UINT128 and INT128 cases advance `*offset += 16` without verifying that 16 bytes remain in the buffer. The entry check at line 609 only guarantees `*offset < total` (at least 1 byte available), leaving up to 15 bytes unvalidated. Commit 433bde9888d70aa726e32744cd751d7dbe94379a patches the issue.
CVSS v3.1
Score 5.2medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
libgphoto2, a camera access and control library, contains an out-of-bounds read vulnerability in the ptp_unpack_DPV() function within camlibs/ptp2/ptp-pack.c. Specifically, when handling UINT128 and INT128 data types, the function increments the buffer offset by 16 bytes without confirming that 16 bytes are available, only checking that at least 1 byte remains. This leads to reading up to 15 bytes beyond the buffer boundary. The vulnerability affects versions up to 2.5.33 and is fixed by commit 433bde9888d70aa726e32744cd751d7dbe94379a. The CVSS 3.1 base score is 5.2, indicating medium severity, with an attack vector requiring physical access and no privileges or user interaction needed.
Potential Impact
The out-of-bounds read can cause disclosure of memory contents beyond the intended buffer, potentially leaking sensitive information. The vulnerability does not allow code execution or integrity modification but may impact confidentiality. The attack requires physical access to the device using libgphoto2. There are no known exploits in the wild at this time.
Mitigation Recommendations
A fix for this vulnerability is available in libgphoto2 via commit 433bde9888d70aa726e32744cd751d7dbe94379a. Users and administrators should upgrade to a version of libgphoto2 that includes this patch. Since the vendor advisory or patch links are not explicitly provided, verify the patch availability from the official gphoto project repository or releases. Patch status is not yet confirmed in the provided data; check the vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-10T22:50:01.357Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e2c47fbdfbbecc59a12f8c
Added to database: 4/17/2026, 11:38:39 PM
Last enriched: 4/25/2026, 3:00:41 AM
Last updated: 6/2/2026, 10:58:21 AM
Views: 79
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.