Ghostwire

CVE-2026-40386: In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used...

MEDIUM CVSS 4.0 Exploit Available 1 PoC

Published: April 12, 2026 | Last Modified: April 12, 2026

Description

In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.

Ghostwire Analysis — What This Means Practically

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.
1 proof-of-concept exploit available on GitHub. Public exploit code lowers the barrier for both researchers and attackers.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Proof-of-Concept Exploits (1)

libexif/libexif

Security Coverage (1 articles)

References

github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b
www.tenable.com/cve/CVE-2026-40386
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-40386
nvd.nist.gov/vuln/detail/CVE-2026-40386