CVE-2026-40333 | gphoto libgphoto2 up to 2.5.33 camlibs/ptp2/ptp-pack.c ptp_unpack_EOS_events length out-of-bounds (GHSA-hq94-cp6h-3gjp)

A vulnerability was found in gphoto libgphoto2 up to 2.5.33. It has been declared as critical. Impacted is the function ptp_unpack_EOS_events of the file camlibs/ptp2/ptp-pack.c. Such manipulation of the argument length leads to out-of-bounds read.

This vulnerability is traded as CVE-2026-40333. The attack can be executed directly on the physical device. There is no exploit available.

A patch should be applied to remediate this issue.VulDB Recent EntriesRead More