Updated libexif packages fix security vulnerabilities
Publication date: 07 May 2026
Modification date: 07 May 2026
Type: security
Affected Mageia releases: 9
CVE: CVE-2026-32775, CVE-2026-40385, CVE-2026-40386
Description
CVE-2026-32775: libexif through 0.6.25 has a flaw in decoding
MakerNotes. If the exif_mnote_data_get_value function is passed a size
of 0, the passed-in buffer would be overwritten due to an integer
underflow.
CVE-2026-40385: In libexif through 0.6.25, an unsigned 32-bit integer
overflow in Nikon MakerNote handling could be used by local attackers to
cause crashes or information leaks. This only affects 32-bit systems.
CVE-2026-40386: In libexif through 0.6.25, an integer underflow in size
checking for Fuji and Olympus MakerNote decoding could be used by
attackers to crash or leak information out of libexif-using programs.
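The bug class named in the CVE-2026-32775 and CVE-2026-40386 descriptions above, as an added C example that is not libexif source and not part of the original advisory: an unsigned subtraction that wraps when the size is 0 or smaller than the needed length, next to the guarded form. All function names and sample values are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration, not libexif source; names are hypothetical. */

/* Flawed: room for text computed without checking for a 0 size.
 * Unsigned 0 - 1 wraps to UINT_MAX, so a later copy is unbounded. */
static unsigned int room_unchecked(unsigned int maxlen)
{
    return maxlen - 1;
}

/* Hardened: reject a missing or zero-sized output buffer first. */
static char *get_value_checked(const char *src, char *val, unsigned int maxlen)
{
    if (val == NULL || maxlen == 0)
        return NULL;
    size_t n = strlen(src);
    if (n > maxlen - 1)          /* cannot wrap: maxlen >= 1 */
        n = maxlen - 1;          /* truncate, keep room for the NUL */
    memcpy(val, src, n);
    val[n] = '\0';
    return val;
}

/* Flawed size check: buf_size - need wraps when need > buf_size,
 * so an out-of-range offset is accepted. */
static int entry_fits_unchecked(uint32_t buf_size, uint32_t off, uint32_t need)
{
    return off <= (uint32_t)(buf_size - need);
}

/* Hardened size check: compare before subtracting. */
static int entry_fits_checked(uint32_t buf_size, uint32_t off, uint32_t need)
{
    return need <= buf_size && off <= buf_size - need;
}

int main(void)
{
    char buf[8];
    printf("room(0) unchecked: %u\n", room_unchecked(0));
    printf("checked, size 0:   %s\n", get_value_checked("Nikon", buf, 0) ? "written" : "rejected");
    printf("fits(8,100,12):    unchecked=%d checked=%d\n",
           entry_fits_unchecked(8, 100, 12), entry_fits_checked(8, 100, 12));
    return 0;
}
```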
References
- https://bugs.mageia.org/show_bug.cgi?id=35368
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2026&m=slackware-security.368011
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32775
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40385
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40386
SRPMS
9/core
- libexif-0.6.26-1.mga9