Bug 2457689 (CVE-2026-40386) - CVE-2026-40386 libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding
Summary: CVE-2026-40386 libexif: libexif: Denial of Service and information disclosure...
Keywords:
Status: NEW
Alias: CVE-2026-40386
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2457746
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-04-12 19:01 UTC by OSIDB Bzimport
Modified: 2026-06-17 13:03 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2026:20929 0 None None None 2026-05-26 15:20:24 UTC
Red Hat Product Errata RHSA-2026:22529 0 None None None 2026-06-03 04:37:04 UTC
Red Hat Product Errata RHSA-2026:22553 0 None None None 2026-06-03 04:37:18 UTC
Red Hat Product Errata RHSA-2026:26190 0 None None None 2026-06-16 08:19:09 UTC
Red Hat Product Errata RHSA-2026:26191 0 None None None 2026-06-16 08:15:21 UTC
Red Hat Product Errata RHSA-2026:26192 0 None None None 2026-06-16 08:20:13 UTC
Red Hat Product Errata RHSA-2026:26224 0 None None None 2026-06-16 10:40:50 UTC
Red Hat Product Errata RHSA-2026:26274 0 None None None 2026-06-16 11:53:54 UTC
Red Hat Product Errata RHSA-2026:26276 0 None None None 2026-06-16 11:57:54 UTC
Red Hat Product Errata RHSA-2026:26292 0 None None None 2026-06-16 12:43:49 UTC
Red Hat Product Errata RHSA-2026:26567 0 None None None 2026-06-17 13:03:17 UTC

Description OSIDB Bzimport 2026-04-12 19:01:21 UTC 
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
Comment 2 errata-xmlrpc 2026-05-26 15:20:23 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:20929 https://access.redhat.com/errata/RHSA-2026:20929
Comment 3 errata-xmlrpc 2026-06-03 04:37:03 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:22529 https://access.redhat.com/errata/RHSA-2026:22529
Comment 4 errata-xmlrpc 2026-06-03 04:37:17 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:22553 https://access.redhat.com/errata/RHSA-2026:22553
Comment 5 errata-xmlrpc 2026-06-16 08:15:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Extended Update Support Long-Life Add-On

Via RHSA-2026:26191 https://access.redhat.com/errata/RHSA-2026:26191
Comment 6 errata-xmlrpc 2026-06-16 08:19:08 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:26190 https://access.redhat.com/errata/RHSA-2026:26190
Comment 7 errata-xmlrpc 2026-06-16 08:20:12 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions

Via RHSA-2026:26192 https://access.redhat.com/errata/RHSA-2026:26192
Comment 8 errata-xmlrpc 2026-06-16 10:40:49 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:26224 https://access.redhat.com/errata/RHSA-2026:26224
Comment 9 errata-xmlrpc 2026-06-16 11:53:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:26274 https://access.redhat.com/errata/RHSA-2026:26274
Comment 10 errata-xmlrpc 2026-06-16 11:57:53 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:26276 https://access.redhat.com/errata/RHSA-2026:26276
Comment 11 errata-xmlrpc 2026-06-16 12:43:48 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:26292 https://access.redhat.com/errata/RHSA-2026:26292
Comment 12 errata-xmlrpc 2026-06-17 13:03:16 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:26567 https://access.redhat.com/errata/RHSA-2026:26567
Note You need to log in before you can comment on or make changes to this bug.