NIXPKGS-2026-1181

GitHub issue published on

Permalink CVE-2026-40334

3.5 LOW

CVSS version: 3.1
Attack vector (AV): PHYSICAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): LOW

updated 6 hours ago by @LeSuisse Activity log

Created automatic suggestion 1 day, 19 hours ago
@LeSuisse accepted 6 hours ago
@LeSuisse published on GitHub 6 hours ago

libgphoto2 missing null termination in ptp_unpack_Canon_FE() filename buffer in ptp-pack.c

libgphoto2 is a camera access and control library. In versions up to and including 2.5.33, a missing null terminator exists in ptp_unpack_Canon_FE() in camlibs/ptp2/ptp-pack.c (line 1377). The function copies a filename into a 13-byte buffer using strncpy without explicitly null-terminating the result. If the source data is exactly 13 bytes with no null terminator, the buffer is left unterminated, leading to out-of-bounds reads in any subsequent string operation. Commit 259fc7d3bfe534ce4b114c464f55b448670ab873 patches the issue.

References

https://github.com/gphoto/libgphoto2/security/advisories/GHSA-ph87-cc3j-c6hm x_refsource_CONFIRM
https://github.com/gphoto/libgphoto2/commit/259fc7d3bfe534ce4b114c464f55b448670ab873 x_refsource_MISC

Affected products

libgphoto2

==<= 2.5.33

Matching in nixpkgs

pkgs.libgphoto2

Library for accessing digital cameras

nixos-unstable 2.5.33
- nixpkgs-unstable 2.5.33
- nixos-unstable-small 2.5.33
nixos-25.11 2.5.32
- nixos-25.11-small 2.5.32
- nixpkgs-25.11-darwin 2.5.32

Package maintainers

@jcumming Jack Cummings <jack@mudshark.org>

Nixpkgs security tracker

Details of issue NIXPKGS-2026-1181

References

Affected products

Matching in nixpkgs

pkgs.libgphoto2

Package maintainers