CVE-2026-40385 — Vulnetix

CVE-2026-40385 PUBLISHED CVSS 4 MEDIUM

In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.

EPSS 0.02% · 5.3th percentile

Risk Scores

CVSS 3.1

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

EPSS Score

0.02%

5.3th percentile

Affected Products

Vendor	Product	Versions
libexif project	libexif	0
libexif_project	libexif

Exploit Intelligence

https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58 (circl)

Timeline

Apr 12, 2026 CVE Published
Apr 13, 2026 EPSS Score
Apr 13, 2026 Security Advisory
Apr 14, 2026 CVE Updated
Apr 16, 2026 Security Advisory
Apr 16, 2026 Security Advisory
Apr 16, 2026 Security Advisory
Apr 16, 2026 Security Advisory
Apr 16, 2026 Security Advisory
Apr 16, 2026 Security Advisory
Apr 16, 2026 Security Advisory
Apr 16, 2026 Security Advisory

References

https://github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58 url
https://nvd.nist.gov/vuln/detail/CVE-2026-40385 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35611 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34757 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33103 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32176 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32167 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32631 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32203 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32184 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20945 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21637 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23653 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33810 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40385 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40386 advisory

…and 2 more

Open in Interactive Console →