CVE-2026-40340: Libgphoto2 Insufficient Ptpojbectinfo Length Check
The length check for unpacking PTP ObjectInfo relies on `PTP_oi_SequenceNumber`, which evaluates to an insufficiently small boundary. This fails to protect trailing fields parsed later in the function, causing an out-of-bounds memory read. Update the check to validate the length correctly against `PTP_oi_filenamelen + 5`.
Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0
Cβ
Cβgreprules fetch cve-2026-40340-libgphoto2-insufficient-ptpojbectinfo-length-check --engine opengrepDescription
The length check for unpacking PTP ObjectInfo relies on `PTP_oi_SequenceNumber`, which evaluates to an insufficiently small boundary. This fails to protect trailing fields parsed later in the function, causing an out-of-bounds memory read. Update the check to validate the length correctly against `PTP_oi_filenamelen + 5`.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0