Medium severity 4.0 · NVD Advisory · Published Apr 12, 2026 · Updated Apr 14, 2026
CVE-2026-40386
Description
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
Affected products
- cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:* (range: <=0.6.25)
- (no CPE) range: <=0.6.25
- osv-coords, 4 versions:
  - pkg:rpm/almalinux/libexif
  - pkg:rpm/almalinux/libexif-devel
  - pkg:rpm/almalinux/libexif-doc
  - pkg:rpm/opensuse/libexif&distro=openSUSE%20Tumbleweed
- (no CPE) range: < 0.6.22-6.el8_10
- (no CPE) range: < 0.6.22-6.el8_10
- (no CPE) range: < 0.6.24-9.el10_2.1
- (no CPE) range: < 0.6.26-1.1
News mentions
- Patch Tuesday - April 2026, Rapid7 Blog · Apr 14, 2026