NIXPKGS-2026-1166

GitHub issue published 2 months, 1 week ago

Permalink CVE-2026-40341

3.5 LOW

CVSS version (CVSS): 3.1
Attack Vector (AV): Physical (P)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): Low (L)
Integrity (I): None (N)
Availability (A): Low (L)
Modified Attack Vector (MAV): Physical (P)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): Low (L)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): None (N)
Modified Availability (MA): Low (L)

updated 2 months, 1 week ago by @LeSuisse Activity log

Created suggestion 2 months, 1 week ago
@LeSuisse accepted 2 months, 1 week ago
@LeSuisse published on GitHub 2 months, 1 week ago

libgphoto2 has an OOB Read in ptp_unpack_EOS_FocusInfoEx

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, an out of bound read in ptp_unpack_EOS_FocusInfoEx could be used to crash libgphoto2 when processing input from untrusted USB devices. Commit c385b34af260595dfbb5f9329526be5158985987 contains a patch. No known workarounds are available.

References

https://github.com/gphoto/libgphoto2/security/advisories/GHSA-vjx3-gjp6-r2g2 x_refsource_CONFIRM
https://github.com/gphoto/libgphoto2/commit/c385b34af260595dfbb5f9329526be5158985987 x_refsource_MISC

Affected products

libgphoto2

==<= 2.5.33

Matching in nixpkgs

pkgs.libgphoto2

Library for accessing digital cameras

nixos-unstable 2.5.33
- nixpkgs-unstable 2.5.33
- nixos-unstable-small 2.5.33

Package maintainers

@jcumming Jack Cummings <jack@mudshark.org>

Nixpkgs security tracker

Details of issue NIXPKGS-2026-1166

References

Affected products

Matching in nixpkgs

pkgs.libgphoto2

Package maintainers