CVE-2026-40335: CWE-125: Out-of-bounds Read in gphoto libgphoto2
An out-of-bounds read vulnerability exists in libgphoto2 versions up to and including 2.5.33 within the ptp_unpack_DPV() function. The issue occurs because the code advances the offset by 16 bytes for UINT128 and INT128 types without confirming that 16 bytes remain in the buffer, potentially reading beyond the buffer boundary. This vulnerability has a medium severity with a CVSS score of 5.2. A patch addressing this issue was committed (commit 433bde9888d70aa726e32744cd751d7dbe94379a), but no explicit vendor advisory or official fix release information is provided in the data. No known exploits are reported in the wild. The attack vector is local, with low attack complexity and no privileges or user interaction required. Confidentiality impact is high and availability impact is limited.
AI Analysis
Technical Summary
CVE-2026-40335 is an out-of-bounds read vulnerability in libgphoto2 (up to version 2.5.33) specifically in the ptp_unpack_DPV() function located in camlibs/ptp2/ptp-pack.c. The vulnerability arises because the function increments the offset by 16 bytes for UINT128 and INT128 data types without verifying that 16 bytes remain in the input buffer, only checking that at least one byte is available. This can lead to reading beyond the buffer boundary, potentially exposing sensitive memory contents. The issue is patched in commit 433bde9888d70aa726e32744cd751d7dbe94379a. The CVSS 3.1 base score is 5.2, reflecting a medium severity with a network attack vector requiring low complexity and no privileges or user interaction. The confidentiality impact is high, while integrity is unaffected and availability impact is low.
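A simplified C model of the flaw described above, added here as an illustration; it is not libgphoto2's code, and the type codes, function names and value widths are assumptions made for the example. It contrasts the "at least one byte remains" check with a check that the full width of the value remains before the offset is advanced.

```c
#include <stddef.h>

/* Illustrative type codes, constructed for this example (not libgphoto2's constants). */
enum dpv_type { DPV_UINT8 = 1, DPV_UINT32 = 2, DPV_UINT128 = 3, DPV_INT128 = 4 };

static size_t dpv_width(enum dpv_type t) {
    switch (t) {
    case DPV_UINT8:   return 1;
    case DPV_UINT32:  return 4;
    case DPV_UINT128:
    case DPV_INT128:  return 16;
    }
    return 0; /* unknown type */
}

/* Weak pattern: only checks that one byte is left, then advances by the
 * full width, so *offset can end up past len. Returns 1 on "success". */
int dpv_skip_weak(size_t len, size_t *offset, enum dpv_type t) {
    size_t w = dpv_width(t);
    if (w == 0 || *offset >= len) return 0;
    *offset += w;
    return 1;
}

/* Hardened pattern: the full width must remain before the offset moves.
 * Written as a subtraction so the comparison cannot overflow. */
int dpv_skip_checked(size_t len, size_t *offset, enum dpv_type t) {
    size_t w = dpv_width(t);
    if (w == 0 || *offset > len || len - *offset < w) return 0;
    *offset += w;
    return 1;
}

/* Walk n values in a buffer of len bytes. Returns the final offset,
 * or (size_t)-1 as soon as one value is rejected. */
size_t dpv_walk(size_t len, const enum dpv_type *types, size_t n, int checked) {
    size_t off = 0;
    for (size_t i = 0; i < n; i++) {
        int ok = checked ? dpv_skip_checked(len, &off, types[i])
                         : dpv_skip_weak(len, &off, types[i]);
        if (!ok) return (size_t)-1;
    }
    return off;
}
```

With an 8-byte buffer holding a 32-bit value followed by a truncated 128-bit value, the weak walk reports a final offset of 20, while the checked walk rejects the input.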
Potential Impact
The vulnerability allows an attacker with local access to cause an out-of-bounds read, potentially exposing sensitive information from memory. There is no indication of integrity compromise or significant availability disruption. No known exploits are reported in the wild, reducing immediate risk. The medium CVSS score reflects moderate risk primarily due to confidentiality impact.
Mitigation Recommendations
A patch fixing this vulnerability has been committed (commit 433bde9888d70aa726e32744cd751d7dbe94379a). However, no official vendor advisory or release containing the fix is referenced in the provided data. Users should upgrade libgphoto2 to a version including this commit or later once officially released. Until then, monitor vendor channels for an official patch. No other mitigations or workarounds are specified.
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-04-10T22:50:01.357Z
- Cvss Version: 3.1
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69e2c47fbdfbbecc59a12f8c
Added to database: 4/17/2026, 11:38:39 PM
Last enriched: 4/17/2026, 11:53:26 PM
Last updated: 4/18/2026, 6:42:45 AM