Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/04/17 11:40 p.m.33 views

CVE-2026-40338 libgphoto2 has OOB read in ptp_unpack_Sony_DPD() enumeration count parsing in ptp-pack.c

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTPDPFFEnumeration case of ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 856. The function reads a 2-byte enumeration count N via dtoh16odata, poffset without verifying that...

5.2CVSS0.00198EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/04/17 11:19 p.m.5 views

CVE-2026-40335

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackDPV in camlibs/ptp2/ptp-pack.c lines 622–629. The UINT128 and INT128 cases advance offset += 16 without verifying that 16 bytes remain in the buffer. The entry check at li...

5.2CVSS5.3AI score0.00198EPSS
Exploits0
Debian CVE
Debian CVE
added 2026/04/17 11:11 p.m.5 views

CVE-2026-40333

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

6.1CVSS5.5AI score0.00218EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.6 views

PT-2026-33537

Name of the Vulnerable Software and Affected Versions libgphoto2 versions prior to 2.5.34 Description An out-of-bounds read exists in the ptp unpack Sony DPD function within camlibs/ptp2/ptp-pack.c. The issue occurs because the function reads the FormFlag byte using dtoh8odata, poffset without...

6.1CVSS5.8AI score0.00218EPSS
Exploits0References34
Rows per page
Query Builder