CVE-2026-40386
Publication date 12 April 2026
Last updated 16 April 2026
Ubuntu priority
Description
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| libexif | 26.04 LTS resolute |
Vulnerable
|
| 25.10 questing |
Vulnerable
|
|
| 24.04 LTS noble |
Vulnerable
|
|
| 22.04 LTS jammy |
Vulnerable
|
|
| 20.04 LTS focal |
Vulnerable
|
|
| 18.04 LTS bionic |
Vulnerable
|
|
| 16.04 LTS xenial |
Vulnerable
|
|
| 14.04 LTS trusty |
Vulnerable
|
Severity score breakdown
CVSS version: CVSS v3.0
Base score
4.0 · Medium
Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L