{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40336", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-10T22:50:01.357Z", "datePublished": "2026-04-17T23:27:42.868Z", "dateUpdated": "2026-04-17T23:27:42.868Z"}, "containers": {"cna": {"title": "libgphoto2 has memory leak in ptp_unpack_Sony_DPD() secondary enumeration list in ptp-pack.c", "problemTypes": [{"descriptions": [{"cweId": "CWE-401", "lang": "en", "description": "CWE-401: Missing Release of Memory after Effective Lifetime", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/gphoto/libgphoto2/security/advisories/GHSA-g8xw-p5wj-mrxv", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gphoto/libgphoto2/security/advisories/GHSA-g8xw-p5wj-mrxv"}, {"name": "https://github.com/gphoto/libgphoto2/commit/404ff02c75f3cb280196fc260a63c4d26cf1a8f6", "tags": ["x_refsource_MISC"], "url": "https://github.com/gphoto/libgphoto2/commit/404ff02c75f3cb280196fc260a63c4d26cf1a8f6"}], "affected": [{"vendor": "gphoto", "product": "libgphoto2", "versions": [{"version": "<= 2.5.33", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T23:27:42.868Z"}, "descriptions": [{"lang": "en", "value": "libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884\u2013885). When processing a secondary enumeration list (introduced in 2024+ Sony cameras), the function overwrites dpd->FORM.Enum.SupportedValue with a new calloc() without freeing the previous allocation from line 857. The original array and any string values it contains are leaked on every property descriptor parse. Commit 404ff02c75f3cb280196fc260a63c4d26cf1a8f6 fixes the issue."}], "source": {"advisory": "GHSA-g8xw-p5wj-mrxv", "discovery": "UNKNOWN"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884\u2013885). When processing a secondary enumeration list (introduced in 2024+ Sony cameras), the function overwrites dpd->FORM.Enum.SupportedValue with a new calloc() without freeing the previous allocation from line 857. The original array and any string values it contains are leaked on every property descriptor parse. Commit 404ff02c75f3cb280196fc260a63c4d26cf1a8f6 fixes the issue."}], "id": "CVE-2026-40336", "lastModified": "2026-04-18T00:16:37.523", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 2.4, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-18T00:16:37.523", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/gphoto/libgphoto2/commit/404ff02c75f3cb280196fc260a63c4d26cf1a8f6"}, {"source": "security-advisories@github.com", "url": "https://github.com/gphoto/libgphoto2/security/advisories/GHSA-g8xw-p5wj-mrxv"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T08:46:56.748426+00:00", "value": {"mitigation_remediation": ["Update libgphoto2 to version 2.5.34 or later; the commit 404ff02c75f3cb280196fc260a63c4d26cf1a8f6 removes the memory leak.", "If updating the library is not immediately possible, isolate the application that uses libgphoto2 in a sandboxed or dedicated process that has a strict memory limit and is automatically restarted when the memory cap is exceeded.", "As a temporary workaround, disable or avoid the feature that triggers the secondary enumeration list on Sony cameras; if your application permits it, use older camera firmware or bypass the advanced property queries that invoke ptp_unpack_Sony_DPD()."], "summary": {"action": "Patch", "impact": "Memory Leak (Potential Denial of Service)"}, "threat_synthesis": {"affected_systems": "All systems using libgphoto2 version 2.5.33 or earlier are vulnerable. This includes typical Linux, Windows, and macOS installations that employ the libgphoto2 library for camera communication. The affected binary is the libgphoto2 library itself; the vulnerability is triggered by any application that calls into the ptp_unpack_Sony_DPD() routine while interacting with a Sony camera that supports the secondary enumeration list introduced in 2024 and later firmware. No specific hardware or operating system versions are singled out beyond the library version requirement.", "description_and_impact": "The flaw occurs in the libgphoto2 camera library when it processes a secondary enumeration list from Sony cameras. The ptp_unpack_Sony_DPD() function incorrectly reallocates memory for the property descriptor structure without freeing the previous allocation, causing each parse of an enumeration list to leak memory. The accumulation of these leaks can exhaust the host system\u2019s memory over time, potentially disabling the application or resulting in a denial-of-service condition for processes that rely on libgphoto2. The CVSS score of 2.4 indicates a low severity and no privilege escalation, code execution, or data compromise is described.", "risk_and_exploitability": "The CVSS rating of 2.4 and the absence of an EPSS score or KEV listing suggest that exploitation is unlikely to be automated or widely targeted. The most probable attack vector is a local attacker or inadvertently malicious application that repeatedly queries Sony camera properties, causing the memory leak to manifest. While the vulnerability cannot be used for remote code execution or confidentiality breaches, it can be leveraged to degrade system performance in a controlled environment, particularly on resource\u2011constrained or virtualized hosts."}}}}, "created": "2026-04-18T09:00:05.890681+00:00", "updated": "2026-04-18T09:00:05.890691+00:00", "vendors": []}