{"id":"CVE-2026-40386","details":"In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.","modified":"2026-06-03T14:44:13.562543937Z","published":"2026-04-12T18:19:08.684Z","related":["ALSA-2026:20929","ALSA-2026:22553","openSUSE-SU-2026:10717-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40386.json","cwe_ids":["CWE-191"],"cna_assigner":"mitre"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/40xxx/CVE-2026-40386.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-40386"},{"type":"FIX","url":"https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libexif/libexif","events":[{"introduced":"0"},{"fixed":"dc6eac6e9655d14d0779d99e82d0f5f442d2f34b"}]}],"versions":["v0.6.25","libexif-0_6_25-release","v0.6.24","libexif-0_6_24-release","v0.6.23","libexif-0_6_23-release","libexif-0_6_22-release","cvs-migration","libexif-0_6_21-release","libexif-0_6_20-release","libexif-0_6_19-release","libexif-0_6_18-release","libexif-0_6_17-release","libexif-0_6_16-release","libexif-0_6_15-release","libexif-0_6_14-release","libexif-0_6_12-release","libexif-before-0_6_0-api-change","libexif-0_5_9-release","libexif-0_5_7-release","libexif-0_5_7-rc4","libexif-0_5_7-rc3","libexif-0_5_7-rc2"],"database_specific":{"vanir_signatures":[{"signature_type":"Function","id":"CVE-2026-40386-5d76fe76","deprecated":false,"signature_version":"v1","target":{"file":"libexif/olympus/exif-mnote-data-olympus.c","function":"exif_mnote_data_olympus_get_value"},"digest":{"length":292,"function_hash":"89651194716944256166666105002455224126"},"source":"https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b"},{"signature_type":"Function","id":"CVE-2026-40386-8c7e5880","deprecated":false,"signature_version":"v1","target":{"file":"libexif/fuji/exif-mnote-data-fuji.c","function":"exif_mnote_data_fuji_get_value"},"digest":{"length":292,"function_hash":"89651194716944256166666105002455224126"},"source":"https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b"},{"signature_type":"Line","id":"CVE-2026-40386-970107f3","deprecated":false,"signature_version":"v1","target":{"file":"libexif/olympus/exif-mnote-data-olympus.c"},"digest":{"threshold":0.9,"line_hashes":["134657048840523953532291051655678286599","330620488256842591126409580115434617653","318388110906489116545935652924689243310","201666159675207808264155098465449719230"]},"source":"https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b"},{"signature_type":"Line","id":"CVE-2026-40386-f3dbecf1","deprecated":false,"signature_version":"v1","target":{"file":"libexif/fuji/exif-mnote-data-fuji.c"},"digest":{"threshold":0.9,"line_hashes":["79348447117930777702955799481112448007","228581815217580039735945598299510135846","156379962593853258986688813785805367582","86655364894345662921658811840849055363"]},"source":"https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b"}],"vanir_signatures_modified":"2026-05-28T09:21:15Z","source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-40386.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L"}]}