Bug 2459365 (CVE-2026-40333)
| Summary: | CVE-2026-40333 libgphoto2: libgphoto2: Information disclosure and denial of service via unbounded reads | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A flaw was found in libgphoto2, a library used for camera access and control. Two functions within the library's Picture Transfer Protocol (PTP) handling component do not properly validate the size of data being read, allowing for unbounded reads. A local attacker with physical access to a system utilizing libgphoto2 could exploit this vulnerability. This could lead to the disclosure of sensitive information from memory or cause the application to crash, resulting in a denial of service.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2459733 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2026-04-18 00:01:49 UTC
|