Out of Bound Read Vulnerability in libgphoto2 Affects Camera Control Library
CVE-2026-40341

3.5LOW

Key Information:

Vendor: Gphoto
Status: Libgphoto2
Vendor: CVE Published:; 17 April 2026

What is CVE-2026-40341?

libgphoto2, a library designed for camera access and control, is susceptible to an out of bound read vulnerability. This flaw emerges in the ptp_unpack_EOS_FocusInfoEx function and may lead to crashes when handling inputs from untrusted USB devices. A fix has been introduced in commit c385b34af260595dfbb5f9329526be5158985987, but as of now, there are no known workarounds available for this issue.

Affected Version(s)

libgphoto2 <= 2.5.33

References

https://github.com/gphoto/libgphoto2/security/advisories/...

x_refsource_CONFIRM

https://github.com/gphoto/libgphoto2/commit/c385b34af2605...

x_refsource_MISC

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2026
Vulnerability Reserved
Apr 10, 2026

CVE-2026-40341 Data

JSON

Gphoto

What is CVE-2026-40341?

Affected Version(s)

References

CVSS V3.1

Timeline