{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40341", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-10T22:50:01.358Z", "datePublished": "2026-04-17T23:48:36.644Z", "dateUpdated": "2026-04-20T16:14:19.107Z"}, "containers": {"cna": {"title": "libgphoto2 has an OOB Read in ptp_unpack_EOS_FocusInfoEx", "problemTypes": [{"descriptions": [{"cweId": "CWE-126", "lang": "en", "description": "CWE-126: Buffer Over-read", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/gphoto/libgphoto2/security/advisories/GHSA-vjx3-gjp6-r2g2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gphoto/libgphoto2/security/advisories/GHSA-vjx3-gjp6-r2g2"}, {"name": "https://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987", "tags": ["x_refsource_MISC"], "url": "https://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987"}], "affected": [{"vendor": "gphoto", "product": "libgphoto2", "versions": [{"version": "<= 2.5.33", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T23:48:36.644Z"}, "descriptions": [{"lang": "en", "value": "libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known workarounds are available."}], "source": {"advisory": "GHSA-vjx3-gjp6-r2g2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T16:14:09.218392Z", "id": "CVE-2026-40341", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:14:19.107Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40341", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-20T16:14:09.218392Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:14:13.974Z"}}], "cna": {"title": "libgphoto2 has an OOB Read in ptp_unpack_EOS_FocusInfoEx", "source": {"advisory": "GHSA-vjx3-gjp6-r2g2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "gphoto", "product": "libgphoto2", "versions": [{"status": "affected", "version": "<= 2.5.33"}]}], "references": [{"url": "https://github.com/gphoto/libgphoto2/security/advisories/GHSA-vjx3-gjp6-r2g2", "name": "https://github.com/gphoto/libgphoto2/security/advisories/GHSA-vjx3-gjp6-r2g2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987", "name": "https://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known workarounds are available."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-126", "description": "CWE-126: Buffer Over-read"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T23:48:36.644Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40341", "state": "PUBLISHED", "dateUpdated": "2026-04-20T16:14:19.107Z", "dateReserved": "2026-04-10T22:50:01.358Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-17T23:48:36.644Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known workarounds are available."}], "id": "CVE-2026-40341", "lastModified": "2026-04-20T19:00:52.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.9, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-18T00:16:38.220", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987"}, {"source": "security-advisories@github.com", "url": "https://github.com/gphoto/libgphoto2/security/advisories/GHSA-vjx3-gjp6-r2g2"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-126"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "libgphoto2: libgphoto2: Denial of Service via out-of-bounds read from untrusted USB devices", "id": "2459358", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459358"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.6", "cvss3_scoring_vector": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-125", "details": ["libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known workarounds are available.", "A flaw was found in libgphoto2, a library used for accessing and controlling cameras. An out-of-bounds read vulnerability exists in the ptp_unpack_EOS_FocusInfoEx function. This flaw can be exploited by processing input from untrusted USB devices, potentially allowing an attacker to crash the libgphoto2 application. This leads to a denial of service (DoS) for users."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-40341", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "libgphoto2", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "libgphoto2", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "libgphoto2", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "libgphoto2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "libgphoto2", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-17T23:48:36Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-40341\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-40341\nhttps://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987\nhttps://github.com/gphoto/libgphoto2/security/advisories/GHSA-vjx3-gjp6-r2g2"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.5.33]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "product": "libgphoto2", "vendor": "gphoto"}], "analysis": {"en": {"generated_at": "2026-04-21T23:19:12.793988+00:00", "value": {"mitigation_remediation": ["Upgrade libgphoto2 to a version later than 2.5.33, applying the patch introduced in commit c385b34af260595dfbb5f9329526be5158985987.", "Restrict the use of libgphoto2 to trusted USB devices or isolate its operation from untrusted peripherals until an update is available.", "Monitor the official gphoto2 repository and security advisories for any additional mitigations or notices about this issue."], "summary": {"action": "Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the open\u2011source libgphoto2 camera access library, versions up to and including 2.5.33. Systems that use these versions to communicate with cameras over USB and receive data from potentially untrusted peripherals are at risk.", "description_and_impact": "libgphoto2 contains a buffer over\u2011read in the function ptp_unpack_EOS_FocusInfoEx that can be triggered by crafted data from an untrusted USB device. The library reads beyond allocated memory (CWE\u2011125) and uses an invalid index into an array (CWE\u2011126), causing a crash. This results in a denial\u2011of\u2011service condition for any application that relies on libgphoto2, and could destabilise the host system if the crash propagates.", "risk_and_exploitability": "With a CVSS score of 3.5 the technical severity is low. The EPSS score is currently < 1% and the vulnerability is not listed in CISA\u2019s KEV catalog, so the likelihood of widespread exploitation is limited. The most likely attack vector is a local attacker who can connect a malicious USB device to a system running libgphoto2; from there the attacker can supply malformed packets to induce the over\u2011read and force a crash. No attacker privileges beyond local USB access are required, and the flaw does not allow remote code execution."}}}}, "created": "2026-04-18T08:45:41.389804+00:00", "updated": "2026-04-21T23:30:02.873318+00:00", "vendors": ["gphoto", "gphoto$PRODUCT$libgphoto2"]}