VYPR

rpm package

opensuse/libgphoto2&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/libgphoto2&distro=openSUSE%20Tumbleweed

Vulnerabilities (8)

  • CVE-2026-40341LowApr 18, 2026
    affected < 2.5.34-1.1fixed 2.5.34-1.1

    libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contai

  • CVE-2026-40340MedApr 18, 2026
    affected < 2.5.34-1.1fixed 2.5.34-1.1

    libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in `ptp_unpack_OI()` in `camlibs/ptp2/ptp-pack.c` (lines 530–563). The function validates `len < PTP_oi_SequenceNumber` (i.e., len < 48) but subsequentl

  • CVE-2026-40339MedApr 18, 2026
    affected < 2.5.34-1.1fixed 2.5.34-1.1

    libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (line 842). The function reads the FormFlag byte via `dtoh8o(data, *poffset)` without a prior bounds check. Th

  • CVE-2026-40338MedApr 18, 2026
    affected < 2.5.34-1.1fixed 2.5.34-1.1

    libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTP_DPFF_Enumeration case of `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (line 856). The function reads a 2-byte enumeration count N via `dtoh16o(data

  • CVE-2026-40336LowApr 18, 2026
    affected < 2.5.34-1.1fixed 2.5.34-1.1

    libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884–885). When processing a secondary enumeration list (introduced in 2024+ Sony cameras), the function overwri

  • CVE-2026-40335MedApr 18, 2026
    affected < 2.5.34-1.1fixed 2.5.34-1.1

    libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_DPV()` in `camlibs/ptp2/ptp-pack.c` (lines 622–629). The UINT128 and INT128 cases advance `*offset += 16` without verifying that 16 bytes remain in the

  • CVE-2026-40334LowApr 18, 2026
    affected < 2.5.34-1.1fixed 2.5.34-1.1

    libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The function copies a filename into a 13-byte buffer using strncpy without explicitly null-

  • CVE-2026-40333MedApr 18, 2026
    affected < 2.5.34-1.1fixed 2.5.34-1.1

    libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptp_unpack_EOS_events() have xsize available but never p