Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.1
libgphoto2: Camera library allows reading sensitive data
CVE-2026-40340
Summary
A security issue in libgphoto2's camera library could allow an attacker to access sensitive information from cameras. This issue affects versions up to and including 2.5.33. To stay secure, update to version 2.5.34 or later.
Original title
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in `ptp_unpack_OI()` in `camlibs/ptp2/ptp-pack.c` (lines 530–563). Th...
Original description
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in `ptp_unpack_OI()` in `camlibs/ptp2/ptp-pack.c` (lines 530–563). The function validates `len < PTP_oi_SequenceNumber` (i.e., len < 48) but subsequently accesses offsets 48–56, up to 9 bytes beyond the validated boundary, via the Samsung Galaxy 64-bit objectsize detection heuristic. Commit 7c7f515bc88c3d0c4098ac965d313518e0ccbe33 fixes the issue.
nvd CVSS3.1
6.1
Vulnerability type
CWE-125
Out-of-bounds Read
Published: 18 Apr 2026 · Updated: 18 Apr 2026 · First seen: 18 Apr 2026