Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
3.5
Libgphoto2 crashes when processing camera data from untrusted USB devices
CVE-2026-40341
Summary
Libgphoto2, a library for accessing and controlling cameras, has a bug that can cause it to crash when it receives bad data from an untrusted USB device. This could potentially be exploited by an attacker to disrupt camera access. Update to a version of libgphoto2 newer than 2.5.33 to fix this issue.
Original title
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input...
Original description
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known workarounds are available.
nvd CVSS3.1
3.5
Vulnerability type
CWE-126
Published: 18 Apr 2026 · Updated: 18 Apr 2026 · First seen: 18 Apr 2026