CVE-2026-32775: Integer Underflow (Wrap or Wraparound) in Project Libexif

Severity
7.4 HIGH (NVD)
EPSS
0.0%
top 95.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Mar 16

Description

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function is passed a size of 0, the passed-in buffer is overwritten due to an integer underflow.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.4 | Impact: 5.9

Affected Packages: 1 package

CVEListV5: libexif_project/libexif 0.6.25

🔴 Vulnerability Details

3
GHSA
GHSA-pq8m-942f-68cv: libexif through 0 (2026-03-16)
CVEList
CVE-2026-32775: libexif through 0 (2026-03-16)
OSV
CVE-2026-32775: libexif through 0 (2026-03-16)

📋 Vendor Advisories

3
Red Hat
libexif: libexif: Buffer overwrite via integer underflow in MakerNotes decoding (2026-03-16)
Microsoft
CVE-2026-32775: Mariner: Mariner mitre: mitre Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn (2026-03-10)
Debian
CVE-2026-32775: libexif - libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data... 2026

🕵️ Threat Intelligence

1
Wiz
CVE-2026-32775 Impact, Exploitability, and Mitigation Steps | Wiz