CVE-2026-40339: CWE-125: Out-of-bounds Read in gphoto libgphoto2
CVE-2026-40339 is an out-of-bounds read vulnerability in libgphoto2 versions up to 2. 5. 33. The issue occurs in the Sony-specific function ptp_unpack_Sony_DPD() where a byte is read without a prior bounds check, unlike the standard variant which performs proper validation. This flaw can lead to reading memory beyond the intended buffer. A code commit has been identified that fixes the issue, but no official patch or vendor advisory is provided in the data. The vulnerability has a CVSS score of 5. 2, indicating medium severity, with potential confidentiality impact and low availability impact. There are no known exploits in the wild and this affects the libgphoto2 library used for camera access and control. No cloud service is involved.
AI Analysis
Technical Summary
libgphoto2 versions up to 2.5.33 contain an out-of-bounds read vulnerability (CWE-125) in the ptp_unpack_Sony_DPD() function located in camlibs/ptp2/ptp-pack.c at line 842. The function reads a FormFlag byte via dtoh8o(data, *poffset) without verifying that the offset is within the bounds of the data buffer. The standard ptp_unpack_DPD() function performs this bounds check correctly, but the Sony-specific variant omits it, leading to potential memory disclosure. A commit (09f8a940b1e418b5693f5c11e3016a1ad2cea62d) has been made to fix this issue. No official patch or vendor advisory is referenced in the provided data.
Potential Impact
The vulnerability allows an out-of-bounds read which can lead to disclosure of memory contents, impacting confidentiality. The CVSS vector indicates no impact on integrity and a low impact on availability. No known exploits exist in the wild at this time. The affected software is libgphoto2, a library for camera access and control.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. A code commit fixing the issue has been identified, but no official patch or vendor advisory is provided in the data. Users of libgphoto2 should monitor the vendor's channels for an official fix and apply it once available. Until then, avoid processing untrusted data with affected versions if possible.
CVE-2026-40339: CWE-125: Out-of-bounds Read in gphoto libgphoto2
Description
CVE-2026-40339 is an out-of-bounds read vulnerability in libgphoto2 versions up to 2. 5. 33. The issue occurs in the Sony-specific function ptp_unpack_Sony_DPD() where a byte is read without a prior bounds check, unlike the standard variant which performs proper validation. This flaw can lead to reading memory beyond the intended buffer. A code commit has been identified that fixes the issue, but no official patch or vendor advisory is provided in the data. The vulnerability has a CVSS score of 5. 2, indicating medium severity, with potential confidentiality impact and low availability impact. There are no known exploits in the wild and this affects the libgphoto2 library used for camera access and control. No cloud service is involved.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
libgphoto2 versions up to 2.5.33 contain an out-of-bounds read vulnerability (CWE-125) in the ptp_unpack_Sony_DPD() function located in camlibs/ptp2/ptp-pack.c at line 842. The function reads a FormFlag byte via dtoh8o(data, *poffset) without verifying that the offset is within the bounds of the data buffer. The standard ptp_unpack_DPD() function performs this bounds check correctly, but the Sony-specific variant omits it, leading to potential memory disclosure. A commit (09f8a940b1e418b5693f5c11e3016a1ad2cea62d) has been made to fix this issue. No official patch or vendor advisory is referenced in the provided data.
Potential Impact
The vulnerability allows an out-of-bounds read which can lead to disclosure of memory contents, impacting confidentiality. The CVSS vector indicates no impact on integrity and a low impact on availability. No known exploits exist in the wild at this time. The affected software is libgphoto2, a library for camera access and control.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. A code commit fixing the issue has been identified, but no official patch or vendor advisory is provided in the data. Users of libgphoto2 should monitor the vendor's channels for an official fix and apply it once available. Until then, avoid processing untrusted data with affected versions if possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-10T22:50:01.358Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e389f6bdfbbecc59765160
Added to database: 4/18/2026, 1:41:10 PM
Last enriched: 4/18/2026, 1:53:19 PM
Last updated: 4/18/2026, 3:55:20 PM
Views: 5
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.