NIXPKGS-2026-1166

GitHub issue published on

Permalink CVE-2026-40341

3.5 LOW

CVSS version: 3.1
Attack vector (AV): PHYSICAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): LOW

updated 6 hours ago by @LeSuisse Activity log

Created automatic suggestion 1 day, 19 hours ago
@LeSuisse accepted 6 hours ago
@LeSuisse published on GitHub 6 hours ago

libgphoto2 has an OOB Read in ptp_unpack_EOS_FocusInfoEx

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known workarounds are available.

References

https://github.com/gphoto/libgphoto2/security/advisories/GHSA-vjx3-gjp6-r2g2 x_refsource_CONFIRM
https://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987 x_refsource_MISC

Affected products

libgphoto2

==<= 2.5.33

Matching in nixpkgs

pkgs.libgphoto2

Library for accessing digital cameras

nixos-unstable 2.5.33
- nixpkgs-unstable 2.5.33
- nixos-unstable-small 2.5.33
nixos-25.11 2.5.32
- nixos-25.11-small 2.5.32
- nixpkgs-25.11-darwin 2.5.32

Package maintainers

@jcumming Jack Cummings <jack@mudshark.org>

Nixpkgs security tracker

Details of issue NIXPKGS-2026-1166

References

Affected products

Matching in nixpkgs

pkgs.libgphoto2

Package maintainers