What is CVE-2026-40385?

CVE-2026-40385 is a medium-severity vulnerability in Libexif Project, classified under Integer Overflow or Wraparound. CVSS score: 4.0/10. Published 2026-04-12.

How severe is CVE-2026-40385?

Medium severity. CVSS v3 base score is 4.0 out of 10.

Integer overflow in Libexif Project

CVE-2026-40385

In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.

Vulnerability class: Integer Overflow

EPSS: 0.000 (5.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.0 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L.

Affected products

Libexif Project — versions 0

Weakness classification (CWE)

CWE-190 — Integer Overflow or Wraparound

References

github.com/libexif/libexif/commit/93003b93e50b3d259bd2227d8775b73a53c35d58

Frequently asked questions

What is CVE-2026-40385?: CVE-2026-40385 is a medium-severity vulnerability in Libexif Project, classified under Integer Overflow or Wraparound. CVSS score: 4.0/10. Published 2026-04-12.
How severe is CVE-2026-40385?: Medium severity. CVSS v3 base score is 4.0 out of 10.