Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-1076

NIXPKGS-2026-1076
published 2 months, 1 week ago
Permalink CVE-2026-40385
4.0 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): Low (L)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): Low (L)
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion 2 months, 1 week ago
  • @LeSuisse accepted 2 months, 1 week ago
  • @LeSuisse published on GitHub 2 months, 1 week ago
In libexif through 0.6.25, an unsigned 32bit integer overflow in …

In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.

Affected products

libexif
  • =<0.6.25

Matching in nixpkgs

pkgs.libexif

Library to read and manipulate EXIF data in digital photographs

No tier 1 or tier 2 support of 32 bits systems.