CVE-2026-40386
Publication date 13 April 2026
Last updated 13 April 2026
Ubuntu priority
Description
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| libexif | 25.10 questing |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty |
Needs evaluation
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.0 · Medium
|
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L |