Cyber Posture

CVE-2026-40386

Medium

Published: 12 April 2026

Published
12 April 2026
Modified
14 April 2026
KEV Added
Patch
CVSS Score 4.0 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
EPSS Score 0.0001 0.3th percentile
Risk Priority 8 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-40386 is a medium-severity Wrap or Wraparound (CWE-191) vulnerability in Libexif Project Libexif. Its CVSS base score is 4.0 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 0.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely remediation through patching libexif to the fixed version directly eliminates the integer underflow in MakerNote decoding.

SI-10 Information Input Validation good match
prevent

Validating the size and structure of Fuji and Olympus EXIF MakerNote tags before processing prevents triggering the underflow vulnerability.

SI-11 Error Handling partial match
prevent

Proper error handling during EXIF decoding mitigates crashes and information leaks resulting from the integer underflow.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
attack.mitre.org →
Why these techniques?

Integer underflow in EXIF decoding enables local exploitation to crash applications (DoS) via crafted image files, directly mapping to application/system exploitation for endpoint DoS.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.

Deeper analysisAI

CVE-2026-40386, published on 2026-04-12, is an integer underflow vulnerability (CWE-191) in the libexif library through version 0.6.25. The issue occurs in size checking during decoding of Fuji and Olympus MakerNote tags in EXIF data, with a CVSS v3.1 base score of 4.0 (AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L). It affects the libexif library itself and any applications that use it to process image metadata.

A local attacker with no privileges can exploit this vulnerability through a high-complexity attack without user interaction. Successful exploitation could lead to either a low-impact denial of service, such as crashing libexif-using programs, or low-impact information disclosure by leaking data from the affected processes.

A patch addressing this issue is available in the libexif GitHub repository at https://github.com/libexif/libexif/commit/dc6eac6e9655d14d0779d99e82d0f5f442d2f34b. Security practitioners should ensure libexif-using applications are updated to incorporate this fix.

Details

CWE(s)
CWE-191

Affected Products

libexif project
libexif
≤ 0.6.25

CVEs Like This One

CVE-2026-40385Same product: Libexif Project Libexif
CVE-2026-32775Same product: Libexif Project Libexif
CVE-2026-7424Shared CWE-191
CVE-2026-34064Shared CWE-191
CVE-2026-31662Shared CWE-191
CVE-2026-25532Shared CWE-191
CVE-2025-0727Shared CWE-191
CVE-2025-21276Shared CWE-191
CVE-2024-57823Shared CWE-191
CVE-2026-27596Shared CWE-191

References