In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26567 advisory.

    The libexif packages provide a library for extracting extra information from image files.

    Security Fix(es):

    * libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling     (CVE-2026-40385)

    * libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote     decoding (CVE-2026-40386)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26190 advisory.

    The libexif packages provide a library for extracting extra information from image files.

    Security Fix(es):

    * libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling     (CVE-2026-40385)

    * libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote     decoding (CVE-2026-40386)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26276 advisory.

    The libexif packages provide a library for extracting extra information from image files.

    Security Fix(es):

    * libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling     (CVE-2026-40385)

    * libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote     decoding (CVE-2026-40386)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26292 advisory.

    The libexif packages provide a library for extracting extra information from image files.

    Security Fix(es):

    * libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling     (CVE-2026-40385)

    * libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote     decoding (CVE-2026-40386)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2026:0154 advisory.

    Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:

    CVE-2026-40385:
    In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by     local attackers to cause crashes or information leaks. This only affects 32bit systems.

    CVE-2026-40386:
    In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding     could be used by attackers to crash or leak information out of libexif-using programs.

Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:26224 advisory.

    The libexif packages provide a library for extracting extra information from image files.

    Security Fix(es):

    * libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling     (CVE-2026-40385)

    * libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote     decoding (CVE-2026-40386)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26192 advisory.

    The libexif packages provide a library for extracting extra information from image files.

    Security Fix(es):

    * libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling     (CVE-2026-40385)

    * libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote     decoding (CVE-2026-40386)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:26191 advisory.

    The libexif packages provide a library for extracting extra information from image files.

    Security Fix(es):

    * libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling     (CVE-2026-40385)

    * libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote     decoding (CVE-2026-40386)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:22553 advisory.

    The libexif packages provide a library for extracting extra information from image files.

    Security Fix(es):

    * libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling     (CVE-2026-40385)

    * libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote     decoding (CVE-2026-40386)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:22553 advisory.

    * libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling     (CVE-2026-40385)

    * libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote     decoding (CVE-2026-40386)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:22553 advisory.

    * libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling     (CVE-2026-40385)
      * libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote     decoding (CVE-2026-40386)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-740:02 advisory.

    * libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling     (CVE-2026-40385)
      * libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote     decoding (CVE-2026-40386)

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:20929 advisory.

    * libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling     (CVE-2026-40385)

    * libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote     decoding (CVE-2026-40386)

Tenable has extracted the preceding description block directly from the RockyLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-20929 advisory.

    - Fix integer underflow in MakerNote decoding (CVE-2026-40386)

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:20929 advisory.

    * libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling     (CVE-2026-40385)
      * libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote     decoding (CVE-2026-40386)

Tenable has extracted the preceding description block directly from the AlmaLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:20929 advisory.

    The libexif packages provide a library for extracting extra information from image files.

    Security Fix(es):

    * libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling     (CVE-2026-40385)

    * libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote     decoding (CVE-2026-40386)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4558 advisory.

    -------------------------------------------------------------------------     Debian LTS Advisory DLA-4558-1                debian-lts@lists.debian.org     https://www.debian.org/lts/security/                       Emmanuel Arias     May 01, 2026                                  https://wiki.debian.org/LTS
    -------------------------------------------------------------------------

    Package        : libexif     Version        : 0.6.22-3+deb11u1     CVE ID         : CVE-2026-32775 CVE-2026-40385 CVE-2026-40386     Debian Bug     : 1131116 1133922 1133923

    Three security vulnerabilities were discovered in libexif, a library to reads     and writes EXIF metainformation from and to images files, that can causes     crashes or information leaks.

    CVE-2026-32775

        If the exif_mnote_data_get_value function in MakerNotes gets passed         in a 0 size, the passed in-buffer would be overwritten due to an         integer underflow.

    CVE-2026-40385

        An unsigned 32bit integer overflow in Nikon MakerNote handling could         be used by local attackers to cause crashes or information leaks.

    CVE-2026-40386

        An integer underflow in size checking for Fuji and Olympus MakerNote         decoding could be used by attackers to crash or leak information out         of libexif-using programs.

    For Debian 11 bullseye, these problems have been fixed in version     0.6.22-3+deb11u1.

    We recommend that you upgrade your libexif packages.

    For the detailed security status of libexif please refer to     its security tracker page at:
    https://security-tracker.debian.org/tracker/libexif

    Further information about Debian LTS security advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS     Attachment:
    signature.asc     Description: PGP signature

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b01307dc4d advisory.

    Update to 0.6.26, fixing several CVEs

    https://github.com/libexif/libexif/releases/tag/v0.6.26


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fd361a6f7f advisory.

    Update to 0.6.26, fixing several CVEs

    https://github.com/libexif/libexif/releases/tag/v0.6.26

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-78adb25141 advisory.

    Update to 0.6.26, fixing several CVEs

    https://github.com/libexif/libexif/releases/tag/v0.6.26

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of libexif installed on the remote host is prior to 0.6.26. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2026-104-01 advisory.

    New libexif packages are available for Slackware 15.0 and -current to fix security issues.

Tenable has extracted the preceding description block directly from the libexif security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by     local attackers to cause crashes or information leaks. This only affects 32bit systems. (CVE-2026-40385)

Note that Nessus relies on the presence of the package as reported by the vendor.

ID	Name	Product	Family	Severity
321563	RHEL 7 : libexif (RHSA-2026:26567)	Nessus	Red Hat Local Security Checks	high
321267	RHEL 8 : libexif (RHSA-2026:26190)	Nessus	Red Hat Local Security Checks	high
321260	RHEL 9 : libexif (RHSA-2026:26276)	Nessus	Red Hat Local Security Checks	high
321250	RHEL 8 : libexif (RHSA-2026:26292)	Nessus	Red Hat Local Security Checks	high
321238	Alibaba Cloud Linux 3 : 0154: libexif (ALINUX3-SA-2026:0154)	Nessus	Alibaba Cloud Linux Local Security Checks	high
321172	RHEL 9 : libexif (RHSA-2026:26224)	Nessus	Red Hat Local Security Checks	high
321171	RHEL 9 : libexif (RHSA-2026:26192)	Nessus	Red Hat Local Security Checks	high
321169	RHEL 8 : libexif (RHSA-2026:26191)	Nessus	Red Hat Local Security Checks	high
319574	RHEL 9 : libexif (RHSA-2026:22553)	Nessus	Red Hat Local Security Checks	high
318829	RockyLinux 9 : libexif (RLSA-2026:22553)	Nessus	Rocky Linux Local Security Checks	high
318396	AlmaLinux 9 : libexif (ALSA-2026:22553)	Nessus	Alma Linux Local Security Checks	high
318106	MiracleLinux 8 : libexif-0.6.22-6.el8_10 (AXSA:2026-740:02)	Nessus	Miracle Linux Local Security Checks	high
317500	RockyLinux 8 : libexif (RLSA-2026:20929)	Nessus	Rocky Linux Local Security Checks	high
317449	Oracle Linux 8 : libexif (ELSA-2026-20929)	Nessus	Oracle Linux Local Security Checks	high
317116	AlmaLinux 8 : libexif (ALSA-2026:20929)	Nessus	Alma Linux Local Security Checks	high
317001	RHEL 8 : libexif (RHSA-2026:20929)	Nessus	Red Hat Local Security Checks	high
311487	Debian dla-4558 : libexif-dev - security update	Nessus	Debian Local Security Checks	high
311163	Fedora 42 : libexif (2026-b01307dc4d)	Nessus	Fedora Local Security Checks	high
310072	Fedora 44 : libexif (2026-fd361a6f7f)	Nessus	Fedora Local Security Checks	high
306852	Fedora 43 : libexif (2026-78adb25141)	Nessus	Fedora Local Security Checks	high
306465	Slackware Linux 15.0 / current libexif Multiple Vulnerabilities (SSA:2026-104-01)	Nessus	Slackware Local Security Checks	high
306056	Linux Distros Unpatched Vulnerability : CVE-2026-40385	Nessus	Misc.	high

Detections

Analytics

CVE-2026-40385

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high

high