View at Official debian advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2026-40386 not yet assigned priority: Debian including 1 source packages (libexif), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.
In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.