CVE-2026-40385
Published 2026-04-12
Priority: P4 · 28 · high · 7.1 · CVSS 3.1
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
EPSS: 0.09% (0.8th percentile)
In libexif through 0.6.25, an unsigned 32-bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32-bit systems.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| libexif_project | libexif | <= 0.6.25 | — |
CVSS provenance
nvd · v3.1 · 7.1 · HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
vendor_redhat · 4.0 · MEDIUM
GHSA
GHSA-j9xr-5c85-xjhm: In libexif through 0
ghsa_unreviewed·2026-04-12
CVE-2026-40385 [MEDIUM] CWE-190 GHSA-j9xr-5c85-xjhm: In libexif through 0
In libexif through 0.6.25, an unsigned 32-bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32-bit systems.
VulDB
libexif up to 0.6.25 Nikon MakerNote integer overflow
vuldb·2026-04-12·CVSS 4.0
CVE-2026-40385 [MEDIUM] libexif up to 0.6.25 Nikon MakerNote integer overflow
A vulnerability, which was classified as critical, has been found in libexif up to 0.6.25. Impacted is an unknown function of the component Nikon MakerNote Handler. This manipulation causes integer overflow.
This vulnerability appears as CVE-2026-40385. The attack may be initiated remotely. There is no available exploit.
To fix this issue, it is recommended to deploy a patch.
Red Hat
libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling
vendor_redhat·2026-04-12·CVSS 4.0
CVE-2026-40385 [MEDIUM] CWE-190 libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling
A flaw was found in libexif. A local attacker on a 32-bit system could exploit an unsigned 32-bit integer overflow vulnerability in the Nikon MakerNote handling. This could lead to application crashes or the disclosure of sensitive information.
Statement: This Moderate impact vulnerability in libexif affects 32-bit systems. A local attacker could trigger an integer overflow in the Nikon MakerNote handling, potentially leading to application crashes or information disclosure.
Mitigation: On 32-bit systems, avoid processing untrusted image files that contain Nikon MakerNotes. This operational control reduces the risk of exploitation by preventing vulnerable applications from parsing malic
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-40385 libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling [fedora-all]
bugzilla·2026-04-13·CVSS 4.0
CVE-2026-40385 [MEDIUM] CVE-2026-40385 libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-40385 libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling
bugzilla·2026-04-12·CVSS 4.0
CVE-2026-40385 [MEDIUM] CVE-2026-40385 libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling
In libexif through 0.6.25, an unsigned 32-bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32-bit systems.
Rapid7
Patch Tuesday - April 2026
blogs_rapid7·2026-04-14·CVSS 6.5
[MEDIUM] Patch Tuesday - April 2026
Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation. So far this month, Microsoft has provided patches to address 80 browser vulnerabilities, which are not included in the Patch Tuesday count above.
## Increasing volumes of vulnerabilities
Regular Patch Tuesday watchers will know that these vulnerability totals are significantly higher than usual, especially the browser numbers. Late last week, Microsoft published patches to resolve more than 60 browser vulnerabilities in a single day, which is a new record in that very specific category.
It mig