HIGHCVE-2026-32775Published 2026-03-16Modified 2026-04-12CNA mitre

CVE-2026-32775: libexif through 0

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.

CVSS v3.1: 7.4
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

libexif project / libexif
≤ 0.6.25

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References

github.com
github.com

Metrics