Integer Underflow Vulnerability in libexif Affects Image Handling
CVE-2026-32775

7.4 HIGH

Key Information:

CVE Published: 16 March 2026

What is CVE-2026-32775?

A flaw exists in the libexif library, specifically in the handling of MakerNotes during decoding. The issue arises when the exif_mnote_data_get_value function encounters a zero-size input: an integer underflow occurs, which can lead to buffer overwrites. This vulnerability poses a risk to applications that use libexif, as it can compromise the integrity of image metadata processing. Developers are advised to update to the latest version to mitigate the risks associated with this flaw.
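An added illustration of the bug class described above, not code from libexif or from this advisory: the function names, the `size_t` length parameter and the sample string are assumptions made for the example. It shows how reserving a terminator byte from an unsigned zero size wraps around, and the zero-size check that prevents it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the size arithmetic of a value formatter that
 * reserves one byte for the NUL terminator. NOT libexif code. */
size_t room_without_check(size_t maxlen)
{
    /* size_t is unsigned: 0 - 1 wraps to SIZE_MAX, so every later
     * "does it fit?" comparison against this limit succeeds. */
    return maxlen - 1;
}

/* Hardened form (hypothetical name): reject a NULL or zero-size output
 * buffer before doing any arithmetic on the size. */
char *get_value_checked(const char *src, char *val, size_t maxlen)
{
    size_t room, n;

    if (src == NULL || val == NULL || maxlen == 0)
        return NULL;              /* nothing can be written safely */

    room = maxlen - 1;            /* safe here: maxlen >= 1 */
    n = strlen(src);
    if (n > room)
        n = room;                 /* truncate instead of overrunning */
    memcpy(val, src, n);
    val[n] = '\0';
    return val;
}

int main(void)
{
    char buf[8];
    const char *sample = "Canon MakerNote";   /* constructed sample value */

    printf("limit for maxlen=0 without a check: %zu\n", room_without_check(0));
    printf("checked call, maxlen=0: %s\n",
           get_value_checked(sample, buf, 0) ? "wrote" : "rejected");
    printf("checked call, maxlen=%zu: \"%s\"\n", sizeof buf,
           get_value_checked(sample, buf, sizeof buf));
    return 0;
}
```

Callers that pass a buffer length into a metadata library should apply the same rule on their side and never forward a zero length.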

Affected Version(s)

libexif 0 <= 0.6.25

CVSS V3.1

Score: 7.4
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
