CVE-2026-40386
Published 2026-04-12
Priority P4 · 30 · high · 7.1 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:N / A:H
EPSS: 0.14% (3.8th percentile)
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| libexif_project | libexif | <= 0.6.25 | — |
CVSS provenance
nvd · v3.1 · 7.1 · HIGH · CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
vendor_redhat · 4.0 · MEDIUM
GHSA
GHSA-p6wp-hhx9-7jj5: In libexif through 0
ghsa_unreviewed·2026-04-12
CVE-2026-40386 [MEDIUM] CWE-191 GHSA-p6wp-hhx9-7jj5: In libexif through 0
VulDB
libexif up to 0.6.25 MakerNote Decoding integer underflow
vuldb·2026-04-12·CVSS 4.0
CVE-2026-40386 [MEDIUM] libexif up to 0.6.25 MakerNote Decoding integer underflow
A vulnerability classified as critical was found in libexif up to 0.6.25. This issue affects some unknown processing of the component MakerNote Decoding. The manipulation results in integer underflow.
This vulnerability is reported as CVE-2026-40386. The attack can be launched remotely. No exploit exists.
A patch should be applied to remediate this issue.
Red Hat
libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding
vendor_redhat·2026-04-12·CVSS 4.0
CVE-2026-40386 [MEDIUM] CWE-191 libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding
A flaw was found in libexif. An integer underflow vulnerability in the size checking mechanism for Fuji and Olympus MakerNote decoding could allow attackers to exploit programs using libexif. This could lead to a Denial of Service (DoS) by crashing the program or result in information disclosure, potentially exposing sensitive data.
Statement: Moderate impact. An integer underflow in libexif's Fuji and Olympus MakerNote decoding could allow an attacker to cause a denial of service or information disclosure. This vulnerability affects programs that process specially crafted image files utilizing libexif.
Mitigation: To mitigate this issue, users should avoid processing untrusted ima
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2026-40386 libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding [fedora-all]
bugzilla·2026-04-13·CVSS 4.0
CVE-2026-40386 [MEDIUM] CVE-2026-40386 libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-40386 libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding
bugzilla·2026-04-12·CVSS 4.0
CVE-2026-40386 [MEDIUM] CVE-2026-40386 libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding
Rapid7
Patch Tuesday - April 2026
blogs_rapid7·2026-04-14·CVSS 6.5
[MEDIUM] Patch Tuesday - April 2026
Microsoft is publishing 167 vulnerabilities on April 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for one of today’s vulnerabilities, and public disclosure for one other. Microsoft evaluates 19 of the vulnerabilities published today as more likely to see future exploitation. So far this month, Microsoft has provided patches to address 80 browser vulnerabilities, which are not included in the Patch Tuesday count above.
## Increasing volumes of vulnerabilities
Regular Patch Tuesday watchers will know that these vulnerability totals are significantly higher than usual, especially the browser numbers. Late last week, Microsoft published patches to resolve more than 60 browser vulnerabilities in a single day, which is a new record in that very specific category.
It mig