CVE-2026-32775
published 2026-03-16CVE-2026-32775: libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be…
high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libexif | — | — |
| libexif_project | libexif | <= 0.6.25 | — |
| msrc | azl3_libexif_0.6.24-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_libexif_0.6.24-1_on_cbl_mariner_2.0 | — | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv7.4HIGH