{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-32775", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-03-16T06:31:35.564Z", "datePublished": "2026-03-16T06:31:36.015Z", "dateUpdated": "2026-04-12T18:23:28.578Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "libexif", "vendor": "libexif project", "versions": [{"lessThanOrEqual": "0.6.25", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-191", "description": "CWE-191 Integer Underflow (Wrap or Wraparound)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-12T18:23:28.578Z"}, "references": [{"url": "https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692"}, {"url": "https://github.com/libexif/libexif/issues/247"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*", "versionEndIncluding": "0.6.25"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T13:45:37.578774Z", "id": "CVE-2026-32775", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T12:53:49.253Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32775", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-16T13:45:37.578774Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T13:45:44.480Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "libexif project", "product": "libexif", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "0.6.25"}], "defaultStatus": "unknown"}], "references": [{"url": "https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692"}, {"url": "https://github.com/libexif/libexif/issues/247"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-191", "description": "CWE-191 Integer Underflow (Wrap or Wraparound)"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "0.6.25"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-12T18:23:28.578Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32775", "state": "PUBLISHED", "dateUpdated": "2026-04-12T18:23:28.578Z", "dateReserved": "2026-03-16T06:31:35.564Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-16T06:31:36.015Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CBE2459-7BEF-4E03-A977-F4B9DC93695A", "versionEndIncluding": "0.6.25", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow."}, {"lang": "es", "value": "libexif hasta 0.6.25 tiene una falla en la decodificaci\u00f3n de MakerNotes. Si a la funci\u00f3n exif_mnote_data_get_value se le pasa un tama\u00f1o de 0, el b\u00fafer pasado ser\u00eda sobrescrito debido a un subdesbordamiento de enteros."}], "id": "CVE-2026-32775", "lastModified": "2026-04-21T13:54:31.967", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-16T14:19:44.413", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Exploit", "Vendor Advisory"], "url": "https://github.com/libexif/libexif/issues/247"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-191"}], "source": "cve@mitre.org", "type": "Secondary"}]}

{"bugzilla": {"description": "libexif: libexif: Buffer overwrite via integer underflow in MakerNotes decoding", "id": "2447881", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2447881"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-191", "details": ["A flaw was found in libexif. When decoding MakerNotes, an integer underflow can occur in the exif_mnote_data_get_value function if a zero size is passed. This can lead to a buffer overwrite, potentially allowing an attacker to achieve arbitrary code execution, disclose sensitive information, or cause a denial of service (DoS)."], "mitigation": {"lang": "en:us", "value": "To mitigate this issue, avoid processing untrusted image files that may contain specially crafted EXIF MakerNotes. Restrict the use of applications that process EXIF data to trusted sources only."}, "name": "CVE-2026-32775", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "libexif", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "libexif", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "libexif", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "libexif", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "libexif", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-16T06:31:36Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-32775\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-32775\nhttps://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692\nhttps://github.com/libexif/libexif/issues/247"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.6.25]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "libexif", "source": "cna", "vendor": "libexif"}, "product": "libexif", "vendor": "libexif"}], "analysis": {"en": {"generated_at": "2026-04-12T19:20:51.532329+00:00", "value": {"mitigation_remediation": ["Update libexif to version 0.6.26 or later to apply the patch that eliminates the integer underflow in MakerNotes decoding.", "Rebuild or retarget the application to link against the updated library to ensure the fix is in effect.", "If upgrading the library immediately is not feasible, consider temporarily disabling MakerNotes parsing or validating EXIF data from untrusted sources to prevent the overflow condition from being reached.", "Consult the libexif issue tracker or security advisories for any additional mitigation guidance or updates."], "summary": {"action": "Immediate Patch", "impact": "Remote code execution"}, "threat_synthesis": {"affected_systems": "The affected product is the libexif library released by the libexif project. All versions up to and including 0.6.25 contain the vulnerability. Applications that embed or link against these legacy releases should verify whether they use an affected version. Users of newer releases (0.6.26 and later) are not impacted.", "description_and_impact": "The flaw resides in libexif's MakerNotes decoding routine. When the function exif_mnote_data_get_value is invoked with a buffer size of zero, an integer underflow occurs, causing memory to be written beyond the bounds of the supplied buffer. This buffer overrun can corrupt the process\u2019s memory, potentially leading to arbitrary code execution or application crashes, depending on context. The weakness is identified as integer underflow (CWE\u2011191).", "risk_and_exploitability": "The CVSS base score of 7.4 indicates high severity. The EPSS score of less than 1% and the absence from the CISA KEV catalog suggest that exploit activity is currently limited. The vulnerability is triggered when malicious EXIF data is processed by libexif, which could occur via local file handling or through network paths that deliver image files. The exact attack vector cannot be confirmed from the data, but it is inferred that an attacker could supply a crafted file that triggers the integer underflow, leading to memory corruption and potentially compromising the host system."}}}}, "created": "2026-03-17T09:53:17.776799+00:00", "updated": "2026-04-13T14:28:32.097829+00:00", "vendors": ["libexif", "libexif$PRODUCT$libexif"]}