CVE-2026-32775
Published: 16 March 2026
Summary
CVE-2026-32775 is a high-severity Wrap or Wraparound (CWE-191) vulnerability in Libexif Project Libexif. Its CVSS base score is 7.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked at the 0.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-32775 is an integer underflow vulnerability in the libexif library, specifically in the exif_mnote_data_get_value function during MakerNotes decoding. When a zero size is passed, the function causes an underflow that overwrites the input buffer. The flaw affects libexif versions through 0.6.25 and is classified under CWE-191 (Integer Underflow), with a CVSS v3.1 base score of 7.4 (AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
A local attacker can exploit this vulnerability without privileges or user interaction, though it requires high attack complexity. Successful exploitation leads to high-impact confidentiality, integrity, and availability violations, potentially allowing arbitrary code execution or system compromise via crafted EXIF data processed by affected applications.
Mitigation is available via a patch in libexif commit 7df372e9d31d7c993a22b913c813a5f7ec4f3692, as detailed in GitHub issue #247. Security practitioners should update to a patched version of libexif and audit dependent applications that parse EXIF metadata from untrusted sources.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-12345
Vulnerability details
libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Integer underflow enables local memory corruption/RCE in EXIF-parsing apps (no privs, UI:N) matching local priv-esc and client-side exploitation vectors.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of EXIF input sizes to block the zero-size integer underflow in exif_mnote_data_get_value before buffer overwrite occurs.
Mandates timely application of the libexif patch (commit 7df372e) that eliminates the underflow flaw in MakerNotes decoding.
Provides memory protection mechanisms that can contain or block the buffer overwrite resulting from the integer underflow during EXIF processing.