NIXPKGS-2026-1076

GitHub issue published on

Permalink CVE-2026-40385

4.0 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): LOW

updated 5 hours ago by @LeSuisse Activity log

Created automatic suggestion 13 hours ago
@LeSuisse accepted 5 hours ago
@LeSuisse published on GitHub 5 hours ago

In libexif through 0.6.25, an unsigned 32bit integer overflow in …

In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.

References

https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35…

Affected products

libexif

=<0.6.25

Matching in nixpkgs

pkgs.libexif

Library to read and manipulate EXIF data in digital photographs

nixos-unstable 0.6.25
- nixpkgs-unstable 0.6.25
- nixos-unstable-small 0.6.25
nixos-25.11 0.6.25
- nixos-25.11-small 0.6.25
- nixpkgs-25.11-darwin 0.6.25

No tier 1 or tier 2 support of 32 bits systems.

Nixpkgs security tracker

Details of issue NIXPKGS-2026-1076

References

Affected products

Matching in nixpkgs

pkgs.libexif