NIXPKGS-2026-1077

GitHub issue published on

Permalink CVE-2026-40386

4.0 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): LOW

updated 5 hours ago by @LeSuisse Activity log

Created automatic suggestion 13 hours ago
@LeSuisse accepted 5 hours ago
@LeSuisse published on GitHub 5 hours ago

In libexif through 0.6.25, an integer underflow in size checking …

In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.

References

https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f…

Affected products

libexif

=<0.6.25

Matching in nixpkgs

pkgs.libexif

Library to read and manipulate EXIF data in digital photographs

nixos-unstable 0.6.25
- nixpkgs-unstable 0.6.25
- nixos-unstable-small 0.6.25
nixos-25.11 0.6.25
- nixos-25.11-small 0.6.25
- nixpkgs-25.11-darwin 0.6.25

Nixpkgs security tracker

Details of issue NIXPKGS-2026-1077

References

Affected products

Matching in nixpkgs

pkgs.libexif