libgphoto2-6-2.5.34-1.1 on GA media (moderate)

libgphoto2-6-2.5.34-1.1 on GA media Announcement ID: openSUSE-SU-2026:10916-1 Rating: moderate Cross-References: CVE-2026-40333 CVE-2026-40334 CVE-2026-40335 CVE-2026-40336 CVE-2026-40338 CVE-2026-40339 CVE-2026-40340 CVE-2026-40341 CVSS scores: CVE-2026-40333 SUSE : 6.1...

OPENSUSE-SU-2026:10916-1 libgphoto2-6-2.5.34-1.1 on GA media

These are all security issues fixed in the libgphoto2-6-2.5.34-1.1 package on the GA media of openSUSE Tumbleweed...

OESA-2026-2071 libgphoto2 security update

is the core of gphoto2 software. It is a portable library which gives access to literally hundreds of digital cameras. Security Fixes: libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in the ptpunpackCanonFE function in...

OESA-2026-2069 libgphoto2 security update

is the core of gphoto2 software. It is a portable library which gives access to literally hundreds of digital cameras. Security Fixes: libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in the ptpunpackCanonFE function in...

OESA-2026-2068 libgphoto2 security update

is the core of gphoto2 software. It is a portable library which gives access to literally hundreds of digital cameras. Security Fixes: libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in the ptpunpackCanonFE function in...

OESA-2026-2067 libgphoto2 security update

is the core of gphoto2 software. It is a portable library which gives access to literally hundreds of digital cameras. Security Fixes: libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in the ptpunpackCanonFE function in...

SUSE CVE-2026-40333

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

SUSE CVE-2026-40334

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...

SUSE CVE-2026-40335

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackDPV in camlibs/ptp2/ptp-pack.c lines 622-629. The UINT128 and INT128 cases advance offset += 16 without verifying that 16 bytes remain in the buffer. The entry check at li...

SUSE CVE-2026-40336

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c lines 884-885. When processing a secondary enumeration list introduced in 2024+ Sony cameras, the function overwrites dpd-FORM.Enum.SupportedVal...

SUSE CVE-2026-40338

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTPDPFFEnumeration case of ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 856. The function reads a 2-byte enumeration count N via dtoh16odata, poffset without verifying that...

SUSE CVE-2026-40339

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 842. The function reads the FormFlag byte via dtoh8odata, poffset without a prior bounds check. The standard ptpunpackDPD at lines...

SUSE CVE-2026-40340

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in ptpunpackOI in camlibs/ptp2/ptp-pack.c lines 530-563. The function validates len PTPoiSequenceNumber i.e., len 48 but subsequently accesses offsets 48-56, up to 9 byt...

SUSE CVE-2026-40341

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptpunpackEOSFocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known...

CVE-2026-40334

A flaw was found in libgphoto2, a camera access and control library. A missing null terminator in the ptpunpackCanonFE function, when processing a specially crafted 13-byte filename, can lead to an out-of-bounds read. This vulnerability may allow a local attacker with physical access to cause...

CVE-2026-40341

A flaw was found in libgphoto2, a library used for accessing and controlling cameras. An out-of-bounds read vulnerability exists in the ptpunpackEOSFocusInfoEx function. This flaw can be exploited by processing input from untrusted USB devices, potentially allowing an attacker to crash the...

CVE-2026-40339

A flaw was found in libgphoto2, a library for camera access and control. An out-of-bounds read vulnerability exists in the ptpunpackSonyDPD function due to a missing bounds check when reading the FormFlag byte. This flaw could allow an attacker to disclose sensitive information from memory...

CVE-2026-40333

A flaw was found in libgphoto2, a library used for camera access and control. Two functions within the library's Picture Transfer Protocol PTP handling component do not properly validate the size of data being read, allowing for unbounded reads. A local attacker with physical access to a system...

CVE-2026-40338

A flaw was found in libgphoto2, a library for camera access and control. An out-of-bounds read vulnerability exists in the ptpunpackSonyDPD function. This occurs when the function attempts to read a 2-byte enumeration count without first verifying that sufficient data remains in the buffer. A loc...

CVE-2026-40336

A flaw was found in libgphoto2, a camera access and control library. When processing a secondary enumeration list from certain Sony cameras, the ptpunpackSonyDPD function improperly handles memory allocation. This oversight causes a memory leak, which can lead to resource exhaustion and potential...