Platform: c
Component: libexif
Fixed in: 0.6.26
CVE-2026-40385 describes an Integer Overflow vulnerability discovered in libexif, a library for reading and writing EXIF data. This flaw could allow a local attacker to trigger crashes or potentially leak information by exploiting improper handling of Nikon MakerNotes. The vulnerability affects versions 0.0.0 through 0.6.25 of libexif and is specifically relevant to 32-bit systems. A fix is available in version 0.6.26.
The integer overflow vulnerability in libexif arises from insufficient validation within the Nikon MakerNote handling routines. An attacker could craft a malicious EXIF file containing a specially crafted Nikon MakerNote that triggers an overflow when processed by libexif. This overflow can lead to a denial-of-service (DoS) condition, causing the application using libexif to crash. More seriously, depending on the application's memory layout and privilege level, the overflow could potentially be exploited to leak sensitive information from memory. The vulnerability's impact is limited to 32-bit systems, as the overflow condition is more easily exploitable on this architecture.
CVE-2026-40385 was publicly disclosed on 2026-04-12. There is currently no indication of active exploitation campaigns targeting this vulnerability. No public proof-of-concept (PoC) code has been released. The vulnerability has not been added to the CISA KEV catalog at the time of writing. The CVSS score is 4.0 (MEDIUM), indicating a moderate level of risk.
EPSS: 0.01% (2% percentile)
The primary mitigation for CVE-2026-40385 is to upgrade to libexif version 0.6.26 or later, which contains the fix for the Integer Overflow. If upgrading is not immediately feasible, consider implementing input validation on EXIF files before processing them with libexif. Specifically, scrutinize the size and format of Nikon MakerNotes to prevent oversized or malformed data from being passed to the vulnerable function. While a WAF is unlikely to be effective here, a proxy could potentially be configured to inspect EXIF data for suspicious patterns. After upgrading, confirm the fix by attempting to process a known malicious EXIF file (if available) and verifying that it no longer triggers a crash or information leak.
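The size check suggested above can be written as a pre-filter that is run before a MakerNote is handed to libexif. The sketch below is an added example, not code from libexif or from its 0.6.26 fix; the name ifd_is_sane is hypothetical, and it assumes the caller has already located the MakerNote's IFD and knows its byte order and offset base. It uses 64-bit arithmetic so that count times component size cannot wrap on a 32-bit build.

```c
#include <stddef.h>
#include <stdint.h>

/* Bytes per component for TIFF/EXIF formats 1..12 (index 0 unused). */
static const uint8_t TYPE_SIZE[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

/* Read an n-byte unsigned integer (n = 2 or 4) in the given byte order. */
static uint32_t rd(const uint8_t *p, int n, int big_endian) {
    uint32_t v = 0;
    for (int i = 0; i < n; i++)
        v |= (uint32_t)p[i] << (8 * (big_endian ? n - 1 - i : i));
    return v;
}

/* Hypothetical pre-filter: returns 0 if the IFD at ifd_off and every value
 * it points to fit inside buf[0..len), -1 otherwise. Offsets are relative to buf. */
int ifd_is_sane(const uint8_t *buf, size_t len, uint32_t ifd_off, int big_endian) {
    if (len < 2 || ifd_off > len - 2) return -1;
    uint32_t n = rd(buf + ifd_off, 2, big_endian);
    /* 64-bit arithmetic: nothing below can wrap, even where size_t is 32 bits. */
    if ((uint64_t)ifd_off + 2 + (uint64_t)n * 12 > len) return -1;
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *e = buf + ifd_off + 2 + (size_t)i * 12;
        uint32_t type = rd(e + 2, 2, big_endian);
        uint32_t count = rd(e + 4, 4, big_endian);
        if (type == 0 || type > 12) return -1;   /* unknown format: strict reject */
        uint64_t size = (uint64_t)count * TYPE_SIZE[type];
        if (size <= 4) continue;                 /* value is stored inline */
        uint64_t off = rd(e + 8, 4, big_endian);
        if (off > len || size > len - off) return -1;
    }
    return 0;
}

/* Constructed samples: little-endian IFD with one entry, data at offset 18. */
const uint8_t SAMPLE_OK[26] = {1,0, 1,0, 7,0, 8,0,0,0, 18,0,0,0, 0,0,0,0};
/* LONG count 0x40000001: count * 4 truncates to 4 in 32-bit arithmetic. */
const uint8_t SAMPLE_WRAP[26] = {1,0, 1,0, 4,0, 1,0,0,0x40, 18,0,0,0, 0,0,0,0};

int main(void) {
    /* Exit status 0 when the good sample passes and the wrapping one is rejected. */
    return !(ifd_is_sane(SAMPLE_OK, sizeof SAMPLE_OK, 0, 0) == 0 &&
             ifd_is_sane(SAMPLE_WRAP, sizeof SAMPLE_WRAP, 0, 0) == -1);
}
```

A file that fails this check is best rejected or stripped of its MakerNote before parsing; passing the check does not replace upgrading to 0.6.26.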
Update to version 0.6.26 or later of libexif to mitigate the unsigned integer overflow in Nikon MakerNote handling. Verify your project's dependencies to ensure libexif is updated. Apply security patches if an immediate update is not possible.
CVE-2026-40385 is a vulnerability in libexif versions 0.0.0–0.6.25 that allows local attackers to trigger crashes or information leaks through improper handling of Nikon MakerNotes, specifically on 32-bit systems.
You are affected if you are using libexif versions 0.0.0 through 0.6.25 on a 32-bit system and process EXIF data, particularly Nikon MakerNotes.
Upgrade to libexif version 0.6.26 or later to resolve the Integer Overflow vulnerability. If upgrading isn't possible, implement input validation on EXIF files.
There is currently no evidence of active exploitation campaigns targeting CVE-2026-40385.
Refer to the libexif project's official website or security mailing list for the advisory related to CVE-2026-40385.