Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
3.5
Libgphoto2's Canon Camera Access Library May Crash or Expose Data
CVE-2026-40334
Summary
Libgphoto2's camera library has a bug that can cause it to crash or expose sensitive data when interacting with Canon cameras. This affects all versions up to and including 2.5.33. To fix the issue, update to version 2.5.34 or later.
Original title
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The func...
Original description
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. If the source data is exactly 13 bytes with no null terminator, the buffer is left unterminated, leading to out-of-bounds reads in any subsequent string operation. Commit 259fc7d3bfe534ce4b114c464f55b448670ab873 patches the issue.
nvd CVSS3.1
3.5
Vulnerability type
CWE-170
Published: 18 Apr 2026 · Updated: 18 Apr 2026 · First seen: 18 Apr 2026