CVE-2026-40386 — Vulnetix

CVE-2026-40386 PUBLISHED CVSS 4 MEDIUM

In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.

EPSS 0.01% · 0.7th percentile

Risk Scores

CVSS 3.1

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

EPSS Score

0.01%

0.7th percentile

Affected Products

Vendor	Product	Versions
libexif project	libexif	0
libexif_project	libexif

Exploit Intelligence

https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b (circl)

Timeline

Apr 12, 2026 CVE Published
Apr 13, 2026 EPSS Score
Apr 13, 2026 Security Advisory
Apr 14, 2026 CVE Updated
Apr 16, 2026 Security Advisory
Apr 16, 2026 Security Advisory
Apr 16, 2026 Security Advisory
Apr 16, 2026 Security Advisory
Apr 16, 2026 Security Advisory
Apr 16, 2026 Security Advisory
Apr 16, 2026 Security Advisory
Apr 16, 2026 Security Advisory

References

https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b url
https://nvd.nist.gov/vuln/detail/CVE-2026-40386 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-35611 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26143 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-34757 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33103 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32178 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32176 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32167 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32631 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32203 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32184 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-32201 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20945 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21637 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-23653 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33825 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-33810 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40385 advisory
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40386 advisory

…and 2 more

Open in Interactive Console →