
Mageia 9 libexif Important Integer Underflow Risks MGASA-2026-0112

Mageia, May 7, 2026
Updated libexif packages for Mageia address critical security threats with integer underflow and crashes.
MGASA-2026-0112 - Updated libexif packages fix security vulnerabilities

Summary

Description:

- CVE-2026-32775: libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function is passed a size of 0, the passed-in buffer is overwritten due to an integer underflow.

- CVE-2026-40385: In libexif through 0.6.25, an unsigned 32-bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32-bit systems.

- CVE-2026-40386: In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.
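The three CVEs above share one bug class: unsigned size arithmetic that wraps before it is compared. The following C sketch is an added illustration, not libexif code and not part of the advisory; the function names, the 12-byte record size and the sample values are assumptions constructed for this example. It models a 32-bit size with `uint32_t`, shows the unchecked comparisons accepting out-of-range input, and gives hardened forms to look for when reviewing similar parsers.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENTRY_SIZE 12u /* constructed record size, an assumption of this example */

/* Unchecked form: size - ENTRY_SIZE wraps to a huge value when size < 12,
 * so a record is "accepted" in a buffer too small to hold it. */
static int naive_fits(uint32_t off, uint32_t size)
{
    return off <= (uint32_t)(size - ENTRY_SIZE);
}

/* Unchecked form: off + len wraps past 2^32 and passes the comparison. */
static int naive_range(uint32_t off, uint32_t len, uint32_t size)
{
    return (uint32_t)(off + len) <= size;
}

/* Hardened form: compare first, then subtract; untrusted values are never added. */
static int safe_range(uint32_t off, uint32_t len, uint32_t size)
{
    return off <= size && len <= size - off;
}

/* Hardened formatter: rejects a zero-size output buffer instead of computing
 * maxlen - 1. Returns the number of bytes written, or -1 on refusal. */
static int safe_format(char *out, size_t maxlen, const char *src)
{
    size_t n;
    if (out == NULL || src == NULL || maxlen == 0)
        return -1;
    n = strlen(src);
    if (n > maxlen - 1)
        n = maxlen - 1;
    memcpy(out, src, n);
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char buf[4];
    printf("naive_fits(0, 4)      = %d\n", naive_fits(0, 4));
    printf("naive_range(wrapping) = %d\n", naive_range(0xFFFFFFF0u, 0x20u, 0x100u));
    printf("safe_range(wrapping)  = %d\n", safe_range(0xFFFFFFF0u, 0x20u, 0x100u));
    printf("safe_format(maxlen 0) = %d\n", safe_format(buf, 0, "Nikon"));
    return 0;
}
```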

References

- https://bugs.mageia.org/show_bug.cgi?id=35368

- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2026&m=slackware-security.368011

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32775

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40385

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40386

Resolution

SRPMS

- 9/core/libexif-0.6.26-1.mga9

Severity
important

Publication date: 07 May 2026
URL: https://advisories.mageia.org/MGASA-2026-0112.html
Type: security
CVE: CVE-2026-32775, CVE-2026-40385, CVE-2026-40386
