UbuntuUpdates.org

Package "libexif"

Name: libexif

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • library to parse EXIF files (development files)
  • library to parse EXIF files (documentation)
  • library to parse EXIF files

Latest version: 0.6.24-1ubuntu0.22.04.1
Release: jammy (22.04)
Level: security
Repository: main

Links



Other versions of "libexif" in Jammy

Repository Area Version
base main 0.6.24-1build1
updates main 0.6.24-1ubuntu0.22.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 0.6.24-1ubuntu0.22.04.1 2026-07-13 14:10:34 UTC

  libexif (0.6.24-1ubuntu0.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: integer overflow when decoding MakerNotes
    - debian/patches/CVE-2026-32775.patch: check maxlen to be at least 1 in
      libexif/apple/mnote-apple-entry.c, libexif/canon/mnote-canon-entry.c,
      libexif/fuji/mnote-fuji-entry.c, libexif/olympus/mnote-olympus-entry.c,
      libexif/pentax/mnote-pentax-entry.c.
    - CVE-2026-32775
  * SECURITY UPDATE: 32bit integer overflow in Nikon MakerNote handling
    - debian/patches/CVE-2026-40385.patch: Avoid overflow on 32bit system when
      reading Nikon MakerNotes in libexif/olympus/exif-mnote-data-olympus.c.
    - CVE-2026-40385
  * SECURITY UPDATE: integer underflow in size checking for Fuji and Olympus
    MakerNote decoding
    - debian/patches/CVE-2026-40386.patch: fixed 2 unsigned integer underflows
      in libexif/fuji/exif-mnote-data-fuji.c, libexif/olympus/exif-mnote-data-
      olympus.c.
    - CVE-2026-40386

 -- Marc Deslauriers <email address hidden> Tue, 07 Jul 2026 10:37:28 -0400

CVE-2026-32775 libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer wou
CVE-2026-40385 In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or inform
CVE-2026-40386 In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak



About   -   Send Feedback to @ubuntu_updates