2459365 – (CVE-2026-40333) CVE-2026-40333 libgphoto2: libgphoto2: Information disclosure and denial of service via unbounded reads

Bug 2459365 (CVE-2026-40333) - CVE-2026-40333 libgphoto2: libgphoto2: Information disclosure and denial of service via unbounded reads

Summary: CVE-2026-40333 libgphoto2: libgphoto2: Information disclosure and denial of s...

Keywords:
Status:	NEW
Alias:	CVE-2026-40333
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2459733
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-18 00:01 UTC by OSIDB Bzimport
Modified:	2026-04-20 13:31 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-18 00:01:49 UTC

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptp_unpack_EOS_events() have xsize available but never pass it, leaving both functions unable to validate reads against the actual buffer boundary. Commit 1817ecead20c2aafa7549dac9619fe38f47b2f53 patches the issue.

Note You need to log in before you can comment on or make changes to this bug.