VDB

CVE-2026-32775

CVE-2026-32775 PUBLISHED CVSS 7.800000190734863 HIGH

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.

EPSS 0.01% · 0.8th percentile

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.01%
0.8th percentile

Affected Products

VendorProductVersions
libexif_projectlibexif0

Timeline

  • Mar 16, 2026 EPSS Score
  • Mar 16, 2026 CVE Published
  • Mar 17, 2026 EPSS Score
  • Mar 17, 2026 Coalition ESS Score
  • Mar 18, 2026 EPSS Score
  • Mar 19, 2026 EPSS Score
  • Mar 20, 2026 EPSS Score
  • Mar 21, 2026 EPSS Score
  • Mar 22, 2026 EPSS Score
  • Mar 23, 2026 EPSS Score
  • Mar 24, 2026 EPSS Score
  • Mar 25, 2026 EPSS Score

References

…and 3 more

Open in Interactive Console →
$ Console Community · 100/wk Open console ›