2459367 – (CVE-2026-40340) CVE-2026-40340 libgphoto2: libgphoto2: Information disclosure and denial of service via out-of-bounds read

Bug 2459367 (CVE-2026-40340) - CVE-2026-40340 libgphoto2: libgphoto2: Information disclosure and denial of service via out-of-bounds read

Summary: CVE-2026-40340 libgphoto2: libgphoto2: Information disclosure and denial of s...

Keywords:
Status:	NEW
Alias:	CVE-2026-40340
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-18 00:01 UTC by OSIDB Bzimport
Modified:	2026-04-20 10:24 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-18 00:01:55 UTC

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in `ptp_unpack_OI()` in `camlibs/ptp2/ptp-pack.c` (lines 530–563). The function validates `len < PTP_oi_SequenceNumber` (i.e., len < 48) but subsequently accesses offsets 48–56, up to 9 bytes beyond the validated boundary, via the Samsung Galaxy 64-bit objectsize detection heuristic. Commit 7c7f515bc88c3d0c4098ac965d313518e0ccbe33 fixes the issue.

Note You need to log in before you can comment on or make changes to this bug.