{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-40385", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-04-12T18:16:29.829Z", "datePublished": "2026-04-12T18:16:30.420Z", "dateUpdated": "2026-04-14T16:33:12.567Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "libexif", "vendor": "libexif project", "versions": [{"lessThanOrEqual": "0.6.25", "status": "affected", "version": "0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-12T18:53:59.608Z"}, "references": [{"url": "https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*", "versionEndIncluding": "0.6.25"}]}]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T15:18:42.610693Z", "id": "CVE-2026-40385", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:33:12.567Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40385", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T15:18:42.610693Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:18:46.319Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "libexif project", "product": "libexif", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "0.6.25"}], "defaultStatus": "unknown"}], "references": [{"url": "https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190 Integer Overflow or Wraparound"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "0.6.25"}], "operator": "OR"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-12T18:53:59.608Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40385", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:33:12.567Z", "dateReserved": "2026-04-12T18:16:29.829Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-12T18:16:30.420Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libexif_project:libexif:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CBE2459-7BEF-4E03-A977-F4B9DC93695A", "versionEndIncluding": "0.6.25", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems."}], "id": "CVE-2026-40385", "lastModified": "2026-04-14T20:15:39.990", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 2.5, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-04-12T19:16:20.480", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "cve@mitre.org", "type": "Primary"}]}

{"bugzilla": {"description": "libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling", "id": "2457687", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457687"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.0", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "status": "draft"}, "cwe": "CWE-190", "details": ["A flaw was found in libexif. A local attacker on a 32-bit system could exploit an unsigned 32-bit integer overflow vulnerability in the Nikon MakerNote handling. This could lead to application crashes or the disclosure of sensitive information."], "mitigation": {"lang": "en:us", "value": "On 32-bit systems, avoid processing untrusted image files that contain Nikon MakerNotes. This operational control reduces the risk of exploitation by preventing vulnerable applications from parsing malicious EXIF data."}, "name": "CVE-2026-40385", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "libexif", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "libexif", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "libexif", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "libexif", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "libexif", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-04-12T18:16:30Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-40385\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-40385\nhttps://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58"], "statement": "This Moderate impact vulnerability in libexif affects 32-bit systems. A local attacker could trigger an integer overflow in the Nikon MakerNote handling, potentially leading to application crashes or information disclosure.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,0.6.25]"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "libexif", "source": "cna", "vendor": "libexif project"}, "product": "libexif", "vendor": "libexif_project"}], "analysis": {"en": {"generated_at": "2026-04-12T19:50:55.599587+00:00", "value": {"mitigation_remediation": ["Upgrade libexif to version 0.6.26 or later if available.", "Restrict or sandbox local file processing that uses libexif to limit exposure.", "Monitor the libexif project for releases and apply patches as soon as they appear.", "Use 64\u2011bit platforms to avoid the vulnerability when practical."], "summary": {"action": "Apply Patch", "impact": "Denial of Service or Information Leak"}, "threat_synthesis": {"affected_systems": "All 32\u2011bit platforms that use libexif 0.6.25 or earlier are affected. Applications on 32\u2011bit Linux, Windows, or macOS that process JPEG, TIFF, or other images containing Nikon MakerNote metadata are at risk. 64\u2011bit builds are not impacted.", "description_and_impact": "An unsigned 32\u2011bit integer overflow exists in the Nikon MakerNote handling code of libexif versions up to 0.6.25. The overflow allows an adversary to manipulate a size field so that the library reads or writes past its intended bounds, potentially causing a crash or leaking data from memory. This weakness is classified as a numeric overflow (CWE\u2011190).", "risk_and_exploitability": "The CVSS score of 4.0 represents moderate severity, and the vulnerability is exploitable only by local attackers who can supply a crafted image file. Because no EPSS score is available and the issue is not listed in the CISA KEV catalog, it appears to be a low\u2011probability risk, but it can still cause denial of service or expose sensitive data. The likely attack vector is a local file that is parsed by libexif \u2013 this inference is drawn from the description of the vulnerability. Organizations should treat this as a fixable flaw that warrants a prompt update, especially in environments that handle untrusted image files."}}}}, "created": "2026-04-13T12:38:17.899489+00:00", "title": "Unsigned Integer Overflow in Nikon MakerNote Parsing Causing Crashes or Information Leaks on libexif", "updated": "2026-04-13T12:54:05.819755+00:00", "vendors": ["libexif_project", "libexif_project$PRODUCT$libexif"]}