CVE-2026-40341 - Vulnerability Details - OpenCVE

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known workarounds are available.

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Gphoto	Libgphoto2

No data.

No data.

References

Link	Providers
https://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987
https://github.com/gphoto/libgphoto2/security/advisories/GHSA-vjx3-gjp6-r2g2

History

Mon, 20 Apr 2026 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 20 Apr 2026 15:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gphoto Gphoto libgphoto2
Vendors & Products		Gphoto Gphoto libgphoto2

Sat, 18 Apr 2026 00:00:00 +0000

Type	Values Removed	Values Added
Description		libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known workarounds are available.
Title		libgphoto2 has an OOB Read in ptp_unpack_EOS_FocusInfoEx
Weaknesses		CWE-126
References		https://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987 https://github.com/gphoto/libgphoto2/security/advisories/GHSA-vjx3-gjp6-r2g2
Metrics		cvssV3_1 `{'score': 3.5, 'vector': 'CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-04-17T23:48:36.644Z

Updated: 2026-04-20T16:14:19.107Z

Reserved: 2026-04-10T22:50:01.358Z

Link: CVE-2026-40341

Vulnrichment

Updated: 2026-04-20T16:14:13.974Z

NVD

Status : Deferred

Published: 2026-04-18T00:16:38.220

Modified: 2026-04-20T19:00:52.467

Link: CVE-2026-40341

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-40341", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-10T22:50:01.358Z", "datePublished": "2026-04-17T23:48:36.644Z", "dateUpdated": "2026-04-20T16:14:19.107Z"}, "containers": {"cna": {"title": "libgphoto2 has an OOB Read in ptp_unpack_EOS_FocusInfoEx", "problemTypes": [{"descriptions": [{"cweId": "CWE-126", "lang": "en", "description": "CWE-126: Buffer Over-read", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/gphoto/libgphoto2/security/advisories/GHSA-vjx3-gjp6-r2g2", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/gphoto/libgphoto2/security/advisories/GHSA-vjx3-gjp6-r2g2"}, {"name": "https://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987", "tags": ["x_refsource_MISC"], "url": "https://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987"}], "affected": [{"vendor": "gphoto", "product": "libgphoto2", "versions": [{"version": "<= 2.5.33", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T23:48:36.644Z"}, "descriptions": [{"lang": "en", "value": "libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known workarounds are available."}], "source": {"advisory": "GHSA-vjx3-gjp6-r2g2", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-20T16:14:09.218392Z", "id": "CVE-2026-40341", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:14:19.107Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-40341", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-20T16:14:09.218392Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-20T16:14:13.974Z"}}], "cna": {"title": "libgphoto2 has an OOB Read in ptp_unpack_EOS_FocusInfoEx", "source": {"advisory": "GHSA-vjx3-gjp6-r2g2", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "gphoto", "product": "libgphoto2", "versions": [{"status": "affected", "version": "<= 2.5.33"}]}], "references": [{"url": "https://github.com/gphoto/libgphoto2/security/advisories/GHSA-vjx3-gjp6-r2g2", "name": "https://github.com/gphoto/libgphoto2/security/advisories/GHSA-vjx3-gjp6-r2g2", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987", "name": "https://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known workarounds are available."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-126", "description": "CWE-126: Buffer Over-read"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-17T23:48:36.644Z"}}}, "cveMetadata": {"cveId": "CVE-2026-40341", "state": "PUBLISHED", "dateUpdated": "2026-04-20T16:14:19.107Z", "dateReserved": "2026-04-10T22:50:01.358Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-17T23:48:36.644Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}