{"id":"CVE-2026-32775","details":"libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.","modified":"2026-05-30T05:39:02.559777Z","published":"2026-03-16T06:31:36.015Z","related":["openSUSE-SU-2026:10717-1"],"database_specific":{"cwe_ids":["CWE-191"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32775.json","cna_assigner":"mitre"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/32xxx/CVE-2026-32775.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32775"},{"type":"REPORT","url":"https://github.com/libexif/libexif/issues/247"},{"type":"FIX","url":"https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libexif/libexif","events":[{"introduced":"0"},{"fixed":"7df372e9d31d7c993a22b913c813a5f7ec4f3692"}]}],"versions":["v0.6.25","libexif-0_6_25-release","v0.6.24","libexif-0_6_24-release","v0.6.23","libexif-0_6_23-release","libexif-0_6_22-release","cvs-migration","libexif-0_6_21-release","libexif-0_6_20-release","libexif-0_6_19-release","libexif-0_6_18-release","libexif-0_6_17-release","libexif-0_6_16-release","libexif-0_6_15-release","libexif-0_6_14-release","libexif-0_6_12-release","libexif-before-0_6_0-api-change","libexif-0_5_9-release","libexif-0_5_7-release","libexif-0_5_7-rc4","libexif-0_5_7-rc3","libexif-0_5_7-rc2"],"database_specific":{"vanir_signatures":[{"deprecated":false,"target":{"file":"libexif/canon/mnote-canon-entry.c"},"digest":{"threshold":0.9,"line_hashes":["123077797541396292933739636697239122873","206384415146893471170294173187512558574","25637486100967373395769765133979595049","49847258483084827463915313013694819193"]},"source":"https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692","signature_type":"Line","signature_version":"v1","id":"CVE-2026-32775-101fbb1c"},{"deprecated":false,"target":{"file":"libexif/olympus/mnote-olympus-entry.c","function":"mnote_olympus_entry_get_value"},"digest":{"function_hash":"34320346969296398793193985259883286132","length":19188},"source":"https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692","signature_type":"Function","signature_version":"v1","id":"CVE-2026-32775-21b01034"},{"deprecated":false,"target":{"file":"libexif/apple/mnote-apple-entry.c","function":"mnote_apple_entry_get_value"},"digest":{"function_hash":"100602677859691788464118872538960174404","length":3060},"source":"https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692","signature_type":"Function","signature_version":"v1","id":"CVE-2026-32775-3644622b"},{"deprecated":false,"target":{"file":"libexif/pentax/mnote-pentax-entry.c"},"digest":{"threshold":0.9,"line_hashes":["32782550630686508508476696672030101325","186124096503794068425265328259952857926","210915421166181677373728042508454636578","237359345033457899467365814909470516232"]},"source":"https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692","signature_type":"Line","signature_version":"v1","id":"CVE-2026-32775-6f65b560"},{"deprecated":false,"target":{"file":"libexif/olympus/mnote-olympus-entry.c"},"digest":{"threshold":0.9,"line_hashes":["17623770942899669760013996359471594981","247623708820993274603516367510954534093","169264406963957873877227758346327160592","26013873729183746586715753520381278817"]},"source":"https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692","signature_type":"Line","signature_version":"v1","id":"CVE-2026-32775-985ccf5c"},{"deprecated":false,"target":{"file":"libexif/fuji/mnote-fuji-entry.c"},"digest":{"threshold":0.9,"line_hashes":["69467987677433462304240838847026153998","37312538084760235937971260768066673567","240892447432928773605245651667044046858","237359345033457899467365814909470516232"]},"source":"https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692","signature_type":"Line","signature_version":"v1","id":"CVE-2026-32775-b638a79c"},{"deprecated":false,"target":{"file":"libexif/canon/mnote-canon-entry.c","function":"mnote_canon_entry_get_value"},"digest":{"function_hash":"192558352134721190954267570149554516574","length":7087},"source":"https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692","signature_type":"Function","signature_version":"v1","id":"CVE-2026-32775-d3a1e6fc"},{"deprecated":false,"target":{"file":"libexif/fuji/mnote-fuji-entry.c","function":"mnote_fuji_entry_get_value"},"digest":{"function_hash":"153278047503553482199493295374703086019","length":3780},"source":"https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692","signature_type":"Function","signature_version":"v1","id":"CVE-2026-32775-ea77f0fe"},{"deprecated":false,"target":{"file":"libexif/apple/mnote-apple-entry.c"},"digest":{"threshold":0.9,"line_hashes":["280547937605808194364610590059926974212","60815729697536042772249596887479449645","221026997535790496887683849476160693985","156643394666035426850096275019725163965"]},"source":"https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692","signature_type":"Line","signature_version":"v1","id":"CVE-2026-32775-f571aab2"},{"deprecated":false,"target":{"file":"libexif/pentax/mnote-pentax-entry.c","function":"mnote_pentax_entry_get_value"},"digest":{"function_hash":"210178960567729861828062443618567972113","length":5916},"source":"https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692","signature_type":"Function","signature_version":"v1","id":"CVE-2026-32775-fde45247"}],"vanir_signatures_modified":"2026-05-30T05:39:02Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-32775.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}