OESA-2026-2070 libgphoto2 security update

is the core of gphoto2 software. It is a portable library which gives access to literally hundreds of digital cameras. Security Fixes: libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in the ptpunpackCanonFE function in...

OESA-2026-2068 libgphoto2 security update

is the core of gphoto2 software. It is a portable library which gives access to literally hundreds of digital cameras. Security Fixes: libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in the ptpunpackCanonFE function in...

SUSE CVE-2026-40333

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, two functions in camlibs/ptp2/ptp-pack.c accept a data pointer but no length parameter, performing unbounded reads. Their callers in ptpunpackEOSevents have xsize available but never pass it, leaving both...

SUSE CVE-2026-40335

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackDPV in camlibs/ptp2/ptp-pack.c lines 622-629. The UINT128 and INT128 cases advance offset += 16 without verifying that 16 bytes remain in the buffer. The entry check at li...

SUSE CVE-2026-40336

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c lines 884-885. When processing a secondary enumeration list introduced in 2024+ Sony cameras, the function overwrites dpd-FORM.Enum.SupportedVal...

CVE-2026-40334

A flaw was found in libgphoto2, a camera access and control library. A missing null terminator in the ptpunpackCanonFE function, when processing a specially crafted 13-byte filename, can lead to an out-of-bounds read. This vulnerability may allow a local attacker with physical access to cause...

CVE-2026-40335

A flaw was found in libgphoto2, a library for camera access. This out-of-bounds read vulnerability in the ptpunpackDPV function occurs because the software does not properly validate buffer boundaries when handling specific data types. An attacker with physical access to the device could exploit...

CVE-2026-40340

A flaw was found in libgphoto2, a library for camera access and control. An out-of-bounds read vulnerability exists in the ptpunpackOI function due to insufficient validation. A local attacker could exploit this by crafting specific input related to the Samsung Galaxy 64-bit objectsize detection...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ptpunpackSonyDPD function when parsing the FormFlag field due to missing bounds checking before reading data. An attacker can cause information disclosure or application instability by supplying crafted input...

Improper Null Termination

Overview Affected versions of this package are vulnerable to Improper Null Termination due to improper null termination in the ptpunpackCanonFE function. An attacker can cause out-of-bounds reads by supplying crafted data that fills the filename buffer exactly, leading to unintended memory access...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the ptpunpackDPV function when handling UINT128 and INT128 types. An attacker can cause sensitive information disclosure or application crash by providing a crafted buffer that does not contain enough bytes, leadin...

CVE-2026-40341

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptpunpackEOSFocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known...

DEBIAN-CVE-2026-40340

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in ptpunpackOI in camlibs/ptp2/ptp-pack.c lines 530–563. The function validates len PTPoiSequenceNumber i.e., len 48 but subsequently accesses offsets 48–56, up to 9 byt...

CVE-2026-40336

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c lines 884–885. When processing a secondary enumeration list introduced in 2024+ Sony cameras, the function overwrites dpd-FORM.Enum.SupportedVal...

CVE-2026-40338

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTPDPFFEnumeration case of ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 856. The function reads a 2-byte enumeration count N via dtoh16odata, poffset without verifying that...

DEBIAN-CVE-2026-40334

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptpunpackCanonFE in camlibs/ptp2/ptp-pack.c line 1377. The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. ...

Linux Distros Unpatched Vulnerability : CVE-2026-40336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c lines...

CVE-2026-40340

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read vulnerability in ptpunpackOI in camlibs/ptp2/ptp-pack.c lines 530–563. The function validates len PTPoiSequenceNumber i.e., len 48 but subsequently accesses offsets 48–56, up to 9 byt...

EUVD-2026-23605

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTPDPFFEnumeration case of ptpunpackSonyDPD in camlibs/ptp2/ptp-pack.c line 856. The function reads a 2-byte enumeration count N via dtoh16odata, poffset without verifying that...

EUVD-2026-23586

libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in ptpunpackDPV in camlibs/ptp2/ptp-pack.c lines 622–629. The UINT128 and INT128 cases advance offset += 16 without verifying that 16 bytes remain in the buffer. The entry check at li...