CVE-2026-40334

Description

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. If the source data is exactly 13 bytes with no null terminator, the buffer is left unterminated, leading to out-of-bounds reads in any subsequent string operation. Commit 259fc7d3bfe534ce4b114c464f55b448670ab873 patches the issue.

CVSS v3.1 Score

3.5

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

EPSS — Exploit Prediction

0.0002

Probability of exploitation

0.06%

Percentile rank

EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.

Weakness Type (CWE)

CWE-170 CWE-170

References

Other References

https://github.com/gphoto/libgphoto2/commit/259fc7d3bfe534ce4b114c464f55b448670ab873 https://github.com/gphoto/libgphoto2/security/advisories/GHSA-ph87-cc3j-c6hm

Frequently Asked Questions

What is CVE-2026-40334? +

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. If the source data is exactly 13 bytes with no null terminator, the buffer is left unterminated, leading to out-of-bounds reads in any subsequent string operation. Commit 259fc7d3bfe534ce4b114c464f55b448670ab873 patches the issue. It has a CVSS v3.1 base score of 3.5 (LOW).

How severe is CVE-2026-40334? +

CVE-2026-40334 has a CVSS v3.1 score of 3.5 out of 10, rated LOW. This is a low-severity vulnerability with limited impact. The EPSS score is 0.0002, placing it in the 0th percentile for exploitation probability.

How do I check if I'm vulnerable to CVE-2026-40334? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-2026

The NPort 6100-G2/6200-G2 Series is affected by a high-severity vulnerability (CVE-2025-2026) that allows remote attackers to execute a null byte …

CVE-2026-8721 9.8

Crypt::OpenSSL::PKCS12 versions through 1.94 for Perl truncates passwords with embedded NULLs. Password parameters in PKCS12.xs are declared char *, which …

CVE-2026-34464 8.8

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field …

CVE-2024-45288 8.4

A missing null-termination character in the last element of an nvlist array string can lead to writing outside the allocated …

CVE-2024-31484 7.8

A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30), …

CVE-2024-21442 7.8

Windows USB Print Driver Elevation of Privilege Vulnerability