CVE-2026-40340: CWE-125: Out-of-bounds Read in gphoto libgphoto2
An out-of-bounds read vulnerability exists in libgphoto2 versions up to and including 2. 5. 33 within the ptp_unpack_OI() function. The function incorrectly validates a length parameter but then accesses memory beyond the validated boundary, potentially leading to a read of unauthorized memory. This issue is fixed in a later commit but no official patch or remediation level is specified in the provided data. The vulnerability has a CVSS score of 6. 1, indicating medium severity, with high confidentiality impact and high availability impact but no integrity impact. There are no known exploits in the wild and this affects local or adjacent network attack vectors without requiring privileges or user interaction.
AI Analysis
Technical Summary
libgphoto2, a camera access and control library, contains an out-of-bounds read vulnerability (CWE-125) in the ptp_unpack_OI() function located in camlibs/ptp2/ptp-pack.c. The vulnerability arises because the function validates that the length parameter is less than 48 but then accesses offsets 48 to 56, reading up to 9 bytes beyond the validated boundary. This occurs due to the Samsung Galaxy 64-bit object size detection heuristic. The issue affects versions up to and including 2.5.33. A commit identified as 7c7f515bc88c3d0c4098ac965d313518e0ccbe33 addresses and fixes this vulnerability. The CVSS 3.1 base score is 6.1, reflecting a medium severity with high confidentiality and availability impacts but no integrity impact. No vendor advisory or official patch information is provided in the input data.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to read memory beyond intended boundaries, potentially exposing sensitive information (confidentiality impact) and causing denial of service (availability impact). The CVSS vector indicates the attack requires physical or adjacent network access (AV:P), has low attack complexity, no privileges required, and no user interaction. There are no known exploits in the wild as of the provided data.
Mitigation Recommendations
A fix for this vulnerability exists in the form of a code commit (7c7f515bc88c3d0c4098ac965d313518e0ccbe33) that corrects the out-of-bounds read. However, no official patch or vendor advisory is provided in the data. Users should update libgphoto2 to a version including this fix once it is officially released. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
CVE-2026-40340: CWE-125: Out-of-bounds Read in gphoto libgphoto2
Description
An out-of-bounds read vulnerability exists in libgphoto2 versions up to and including 2. 5. 33 within the ptp_unpack_OI() function. The function incorrectly validates a length parameter but then accesses memory beyond the validated boundary, potentially leading to a read of unauthorized memory. This issue is fixed in a later commit but no official patch or remediation level is specified in the provided data. The vulnerability has a CVSS score of 6. 1, indicating medium severity, with high confidentiality impact and high availability impact but no integrity impact. There are no known exploits in the wild and this affects local or adjacent network attack vectors without requiring privileges or user interaction.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
libgphoto2, a camera access and control library, contains an out-of-bounds read vulnerability (CWE-125) in the ptp_unpack_OI() function located in camlibs/ptp2/ptp-pack.c. The vulnerability arises because the function validates that the length parameter is less than 48 but then accesses offsets 48 to 56, reading up to 9 bytes beyond the validated boundary. This occurs due to the Samsung Galaxy 64-bit object size detection heuristic. The issue affects versions up to and including 2.5.33. A commit identified as 7c7f515bc88c3d0c4098ac965d313518e0ccbe33 addresses and fixes this vulnerability. The CVSS 3.1 base score is 6.1, reflecting a medium severity with high confidentiality and availability impacts but no integrity impact. No vendor advisory or official patch information is provided in the input data.
Potential Impact
Successful exploitation of this vulnerability could allow an attacker to read memory beyond intended boundaries, potentially exposing sensitive information (confidentiality impact) and causing denial of service (availability impact). The CVSS vector indicates the attack requires physical or adjacent network access (AV:P), has low attack complexity, no privileges required, and no user interaction. There are no known exploits in the wild as of the provided data.
Mitigation Recommendations
A fix for this vulnerability exists in the form of a code commit (7c7f515bc88c3d0c4098ac965d313518e0ccbe33) that corrects the out-of-bounds read. However, no official patch or vendor advisory is provided in the data. Users should update libgphoto2 to a version including this fix once it is officially released. Patch status is not yet confirmed — check the vendor advisory for current remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-10T22:50:01.358Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69e389f6bdfbbecc5976516c
Added to database: 4/18/2026, 1:41:10 PM
Last enriched: 4/18/2026, 1:53:14 PM
Last updated: 4/18/2026, 3:08:05 PM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.