SUSE CVE-2026-40341

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptpunpackEOSFocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known...

CVE-2026-40334

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...

DEBIAN-CVE-2026-40334

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...

DEBIAN-CVE-2026-40333

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

CVE-2026-40336

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c lines 884–885. When processing a secondary enumeration list introduced in 2024+ Sony cameras, the function overwrites dpd-FORM.Enum.SupportedVal...

UBUNTU-CVE-2026-40338

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTPDPFFEnumeration case of ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 856. The function reads a 2-byte enumeration count N via dtoh16odata, poffset without verifying that...

CVE-2026-40341

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptpunpackEOSFocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known...

UBUNTU-CVE-2026-40335

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackDPV in camlibs/ptp2/ptp-pack.c lines 622–629. The UINT128 and INT128 cases advance offset += 16 without verifying that 16 bytes remain in the buffer. The entry check at li...

CVE-2026-40338

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTPDPFFEnumeration case of ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 856. The function reads a 2-byte enumeration count N via dtoh16odata, poffset without verifying that...

CVE-2026-40340

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in ptpunpackOI in camlibs/ptp2/ptp-pack.c lines 530–563. The function validates len PTPoiSequenceNumber i.e., len 48 but subsequently accesses offsets 48–56, up to 9 byt...

UBUNTU-CVE-2026-40334

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...

UBUNTU-CVE-2026-40336

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c lines 884–885. When processing a secondary enumeration list introduced in 2024+ Sony cameras, the function overwrites dpd-FORM.Enum.SupportedVal...

CVE-2026-40339

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 842. The function reads the FormFlag byte via dtoh8odata, poffset without a prior bounds check. The standard ptpunpackDPD at lines...

Linux Distros Unpatched Vulnerability : CVE-2026-40340

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of- bounds read vulnerability in ptpunpackOI in...

libgphoto2 安全漏洞

libgphoto2 is an open-source camera access and control library developed by gPhoto. Versions of libgphoto2 prior to 2.5.33 contained security vulnerabilities. These vulnerabilities stemmed from two functions in camlibs/ptp2/ptp-pack.c that allowed unbounded reading, potentially leading to...

Linux Distros Unpatched Vulnerability : CVE-2026-40334

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in...

CVE-2026-40340 libgphoto2 has OOB read in ptp_unpack_OI() in ptp-pack.c via malicious PTP ObjectInfo response

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in ptpunpackOI in camlibs/ptp2/ptp-pack.c lines 530–563. The function validates len PTPoiSequenceNumber i.e., len 48 but subsequently accesses offsets 48–56, up to 9 byt...

EUVD-2026-23605

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTPDPFFEnumeration case of ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 856. The function reads a 2-byte enumeration count N via dtoh16odata, poffset without verifying that...

CVE-2026-40335

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackDPV in camlibs/ptp2/ptp-pack.c lines 622–629. The UINT128 and INT128 cases advance offset += 16 without verifying that 16 bytes remain in the buffer. The entry check at li...

CVE-2026-40334

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...