What is CVE-2026-40386?

CVE-2026-40386 is a medium-severity vulnerability in Libexif Project, classified under Integer Underflow. CVSS score: 4.0/10. Published 2026-04-12.

How severe is CVE-2026-40386?

Medium severity. CVSS v3 base score is 4.0 out of 10.

Integer overflow in Libexif Project

CVE-2026-40386

In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.

EPSS: 0.000 (0.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.0 (Medium). Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L.

Affected products

Libexif Project — versions 0

Weakness classification (CWE)

CWE-191 — Integer Underflow

References

github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b

Frequently asked questions

What is CVE-2026-40386?: CVE-2026-40386 is a medium-severity vulnerability in Libexif Project, classified under Integer Underflow. CVSS score: 4.0/10. Published 2026-04-12.
How severe is CVE-2026-40386?: Medium severity. CVSS v3 base score is 4.0 out of 10.