
libgphoto2: Unrestricted data reads from camera devices

CVE-2026-40333
Summary

In libgphoto2 versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c read data received from a camera without checking the read against the size of the buffer. An attacker could use this to make the library read more data than intended (an out-of-bounds read), potentially leading to security issues. Update to libgphoto2 2.5.34 or later to fix this issue.

Original title
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbound...
Original description
libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptp_unpack_EOS_events() have xsize available but never pass it, leaving both functions unable to validate reads against the actual buffer boundary. Commit 1817ecead20c2aafa7549dac9619fe38f47b2f53 patches the issue.
NVD CVSS 3.1 score: 6.1
Vulnerability type
CWE-125 Out-of-bounds Read
Published: 18 Apr 2026 · Updated: 18 Apr 2026 · First seen: 18 Apr 2026
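
The pattern in the description above (a parser that takes a data pointer but no length, next to a version that is given the remaining size), as an added C example; it is not libgphoto2 code or the upstream patch. The function names, the count-prefixed record layout and the sample buffers are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Little-endian 32-bit load from device-supplied bytes. */
static uint32_t le32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* BEFORE (hypothetical helper): sums a count-prefixed array of 32-bit values.
 * The count is device-controlled and no length is passed in, so the loop
 * can run past the end of the buffer. Only safe on well-formed input. */
int64_t sum_values_unchecked(const unsigned char *data) {
    uint32_t n = le32(data);
    int64_t sum = 0;
    for (uint32_t i = 0; i < n; i++)
        sum += le32(data + 4 + 4 * (size_t)i);
    return sum;
}

/* AFTER: the caller passes the bytes remaining (the role xsize plays for
 * the callers named in the advisory). Returns the sum, or -1 if malformed. */
int64_t sum_values_checked(const unsigned char *data, size_t len) {
    if (len < 4)
        return -1;                 /* no room for the count field */
    uint32_t n = le32(data);
    if (n > (len - 4) / 4)
        return -1;                 /* count claims more than the buffer holds */
    int64_t sum = 0;
    for (uint32_t i = 0; i < n; i++)
        sum += le32(data + 4 + 4 * (size_t)i);
    return sum;
}

/* Constructed sample buffers (not captured from a real camera). */
static const unsigned char good[]  = {2,0,0,0, 3,0,0,0, 4,0,0,0};
static const unsigned char lying[] = {0xff,0xff,0xff,0xff, 1,0,0,0};

int main(void) {
    printf("good:      %lld\n", (long long)sum_values_checked(good, sizeof good));
    printf("lying:     %lld\n", (long long)sum_values_checked(lying, sizeof lying));
    printf("truncated: %lld\n", (long long)sum_values_checked(good, 8));
    return 0;
}
```

The bound is checked as `n > (len - 4) / 4` rather than `4 * n > len - 4` so that a very large device-supplied count cannot wrap the multiplication and slip past the check.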