Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.2
libgphoto2: Sony camera data access can reveal sensitive info
CVE-2026-40338
Summary
A bug in the libgphoto2 library for accessing and controlling cameras can allow an attacker to read sensitive information from Sony cameras. This issue affects versions up to 2.5.33. To fix the issue, update to version 2.5.34 or later.
Original title
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTP_DPFF_Enumeration case of `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pa...
Original description
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTP_DPFF_Enumeration case of `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (line 856). The function reads a 2-byte enumeration count N via `dtoh16o(data, *poffset)` without verifying that 2 bytes remain in the buffer. The standard `ptp_unpack_DPD()` at line 704 has this exact check, confirming the Sony variant omitted it by oversight. Commit 3b9f9696be76ae51dca983d9dd8ce586a2561845 fixes the issue.
nvd CVSS3.1
5.2
Vulnerability type
CWE-125
Out-of-bounds Read
Published: 18 Apr 2026 · Updated: 18 Apr 2026 · First seen: 18 Apr 2026