Medium severity4.0NVD Advisory· Published Apr 12, 2026· Updated Apr 14, 2026
CVE-2026-40385
CVE-2026-40385
Description
In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*range: <=0.6.25
- (no CPE)range: <=0.6.25
- osv-coords3 versionspkg:rpm/almalinux/libexifpkg:rpm/almalinux/libexif-develpkg:rpm/opensuse/libexif&distro=openSUSE%20Tumbleweed
< 0.6.22-6.el8_10+ 2 more
- (no CPE)range: < 0.6.22-6.el8_10
- (no CPE)range: < 0.6.22-6.el8_10
- (no CPE)range: < 0.6.26-1.1
Patches
Vulnerability mechanics
References
1News mentions
1- Patch Tuesday - April 2026Rapid7 Blog · Apr 14, 2026