View at Official debian advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2026-40385 not yet assigned priority: Debian including 1 source packages (libexif), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.
In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.