Unbounded Read Vulnerabilities in libgphoto2 Camera Control Library
CVE-2026-40333

6.1MEDIUM

Key Information:

Vendor: Gphoto
Status: Libgphoto2
Vendor: CVE Published:; 17 April 2026

What is CVE-2026-40333?

The libgphoto2 library, responsible for camera access and control, contains a vulnerability related to unbounded read operations in its ptp2 implementation. Specifically, certain functions do not validate the size of the data being read, allowing potential exploitation through crafted input. This oversight can lead to memory corruption issues, particularly in the functions related to processing EOS events. A patch has been introduced to address this vulnerability, emphasizing the importance of incorporating length parameters for effective boundary validation.

Affected Version(s)

libgphoto2 <= 2.5.33

References

https://github.com/gphoto/libgphoto2/security/advisories/...

x_refsource_CONFIRM

https://github.com/gphoto/libgphoto2/commit/1817ecead20c2...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Apr 10, 2026

CVE-2026-40333 Data

JSON

Gphoto

What is CVE-2026-40333?

Affected Version(s)

References

CVSS V3.1

Timeline