Buf Overflow in libexif <=0.6.25 MakerNotes Decoding
CVE-2026-32775 Published on March 16, 2026

libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.

NVD

Vulnerability Analysis

CVE-2026-32775 can be exploited with local system access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2026-32775. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
HIGH
Privileges Required:
NONE
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is an Integer underflow Vulnerability?

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. This can happen in signed and unsigned cases.

CVE-2026-32775 has been classified to as an Integer underflow vulnerability or weakness.


Affected Versions

libexif:

Exploit Probability

EPSS
0.01%
Percentile
1.95%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.