High severity7.4NVD Advisory· Published Mar 16, 2026· Updated Apr 21, 2026

CVE-2026-32775

Description

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.

Affected products

Libexif Project/Libexif
cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*
Range: <=0.6.25

Patches

7df372e9d31d

https://github.com/libexif/libexifvia nvd-ref

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692nvdPatch
github.com/libexif/libexif/issues/247nvdIssue TrackingExploitVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.481
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000