CVE-2026-32775

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-32775
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32775.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-32775
Downstream
Published
2026-03-16T14:19:44.413Z
Modified
2026-04-10T05:43:04.094628Z
Severity
  • 7.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exifmnotedatagetvalue function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.

References

Affected packages

Git / github.com/libexif/libexif

Affected ranges

Type
GIT
Repo
https://github.com/libexif/libexif
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
e99f14785ef02ee249bccbad8a97595eadbab810
Fixed
7df372e9d31d7c993a22b913c813a5f7ec4f3692
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.6.25"
        }
    ]
}

Affected versions

Other
cvs-migration
libexif-0_5_7-rc2
libexif-0_5_7-rc3
libexif-0_5_7-rc4
libexif-0_5_7-release
libexif-0_5_9-release
libexif-0_6_12-release
libexif-0_6_14-release
libexif-0_6_15-release
libexif-0_6_16-release
libexif-0_6_17-release
libexif-0_6_18-release
libexif-0_6_19-release
libexif-0_6_20-release
libexif-0_6_21-release
libexif-0_6_22-release
libexif-0_6_23-release
libexif-0_6_24-release
libexif-0_6_25-release
libexif-before-0_6_0-api-change
v0.*
v0.6.23
v0.6.24
v0.6.25

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32775.json"