Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
2.4
libgphoto2: Sony camera processing can leak memory
CVE-2026-40336
Summary
A memory leak exists in libgphoto2 when processing Sony cameras. This can cause the library to consume more and more memory over time, potentially leading to performance issues or crashes. Update to version 2.5.34 or later to fix the issue.
Original title
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884–885). When processing a ...
Original description
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884–885). When processing a secondary enumeration list (introduced in 2024+ Sony cameras), the function overwrites dpd->FORM.Enum.SupportedValue with a new calloc() without freeing the previous allocation from line 857. The original array and any string values it contains are leaked on every property descriptor parse. Commit 404ff02c75f3cb280196fc260a63c4d26cf1a8f6 fixes the issue.
nvd CVSS3.1
2.4
Vulnerability type
CWE-401
Memory Leak
Published: 18 Apr 2026 · Updated: 18 Apr 2026 · First seen: 18 Apr 2026