CVE-2026-40338 | gphoto libgphoto2 up to 2.5.33 camlibs/ptp2/ptp-pack.c ptp_unpack_Sony_DPD out-of-bounds (GHSA-2hwp-w84q-27hf)

A vulnerability has been found in gphoto libgphoto2 up to 2.5.33 and classified as critical. Impacted is the function ptp_unpack_Sony_DPD of the file camlibs/ptp2/ptp-pack.c. This manipulation causes out-of-bounds read.

This vulnerability is registered as CVE-2026-40338. It is feasible to perform the attack on the physical device. No exploit is available.

Applying a patch is the recommended action to fix this issue.VulDB Recent EntriesRead More