{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-40386", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-04-12T18:19:08.139Z", "datePublished": "2026-04-12T18:19:08.684Z", "dateUpdated": "2026-04-14T16:33:07.044Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "libexif", "vendor": "libexif project", "versions": [{"lessThanOrEqual": "0.6.25", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-191", "description": "CWE-191 Integer Underflow (Wrap or Wraparound)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-12T18:55:21.234Z"}, "references": [{"url": "https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*", "versionEndIncluding": "0.6.25"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T15:18:57.747633Z", "id": "CVE-2026-40386", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:33:07.044Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40386", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T15:18:57.747633Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:19:04.263Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "libexif project", "product": "libexif", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "0.6.25"}], "defaultStatus": "unknown"}], "references": [{"url": "https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-191", "description": "CWE-191 Integer Underflow (Wrap or Wraparound)"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "0.6.25"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-12T18:55:21.234Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40386", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:33:07.044Z", "dateReserved": "2026-04-12T18:19:08.139Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-12T18:19:08.684Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CBE2459-7BEF-4E03-A977-F4B9DC93695A", "versionEndIncluding": "0.6.25", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs."}], "id": "CVE-2026-40386", "lastModified": "2026-04-14T20:43:44.283", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 2.5, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-12T19:16:20.640", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding", "id": "2457689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457689"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "status": "draft"}, "cwe": "CWE-191", "details": ["A flaw was found in libexif. An integer underflow vulnerability in the size checking mechanism for Fuji and Olympus MakerNote decoding could allow attackers to exploit programs using libexif. This could lead to a Denial of Service (DoS) by crashing the program or result in information disclosure, potentially exposing sensitive data."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, users should avoid processing untrusted image files with applications that utilize libexif. Restricting the source of image files to trusted origins can reduce the risk of exploitation."}, "name": "CVE-2026-40386", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "libexif", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "libexif", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "libexif", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "libexif", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "libexif", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-12T18:19:08Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-40386\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-40386\nhttps://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b"], "statement": "Moderate impact. An integer underflow in libexif's Fuji and Olympus MakerNote decoding could allow an attacker to cause a denial of service or information disclosure. This vulnerability affects programs that process specially crafted image files utilizing libexif.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.6.25]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "inferred", "scores": [{"score": 100.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "libexif", "source": "cna", "vendor": "libexif project"}, "product": "libexif", "vendor": "libexif_project"}], "analysis": {"en": {"generated_at": "2026-04-12T19:20:16.074977+00:00", "value": {"mitigation_remediation": ["Upgrade libexif to version 0.6.26 or later.", "If an upgrade is delayed, isolate the image parsing routine in a restricted environment or sandbox.", "Validate or sanitize MakerNote data before rendering or processing it.", "Apply the patch from commit dc6eac6e9655d14d0779d99e82d0f5f442d2f34b by rebuilding libexif from source."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The libexif project\u2019s libexif component is affected in all releases up through version 0.6.25. Applications that incorporate libexif for handling image metadata are at risk.", "description_and_impact": "The vulnerability arises from an integer underflow during size verification when decoding Fuji and Olympus MakerNote data. This flaw can cause libexif to crash or expose internal memory contents, resulting in potential loss of availability or leakage of sensitive information processed by the library.", "risk_and_exploitability": "The CVSS score of 4.0 indicates a moderate risk. No EPSS data is available, and the vulnerability is not listed in CISA\u2019s KEV catalog. The likely attack vector is local or remote exploitation by supplying a crafted image that forces the library to process malformed MakerNote sections. Exploitation would require the target program to parse such an image, a condition that is relatively easy to satisfy for any image-capturing or viewing software using libexif."}}}}, "created": "2026-04-13T12:38:16.948615+00:00", "title": "Integer Underflow in Fuji and Olympus MakerNote Decoding Causing Crash or Information Leak", "updated": "2026-04-13T12:54:04.688938+00:00", "vendors": ["libexif_project", "libexif_project$PRODUCT$libexif"]}