| BDSA-2026-7706 |
|
Medium |
Apr 22, 2026 |
libgphoto2 is vulnerable to an out-of-bounds read due to missing bounds checks in the `ptp_unpack_Sony_DPD()` function when handling the `PTP_DPFF_Enum
more...
libgphoto2 is vulnerable to an out-of-bounds read due to missing bounds checks in the `ptp_unpack_Sony_DPD()` function when handling the `PTP_DPFF_Enumeration` case. This could allow an attacker to disclose adjacent heap memory by sending a crafted Sony Device Property Descriptor with a truncated buffer.
less...
|
|
| BDSA-2026-7705 |
|
Medium |
Apr 22, 2026 |
libgphoto2 is vulnerable to an out-of-bounds read due to improper bounds checking in the `ptp_unpack_Sony_DPD()` function within `camlibs/ptp2/ptp-pack
more...
libgphoto2 is vulnerable to an out-of-bounds read due to improper bounds checking in the `ptp_unpack_Sony_DPD()` function within `camlibs/ptp2/ptp-pack.c`. This could allow an attacker to disclose adjacent heap memory by sending a crafted Sony Device Property Descriptor with a truncated buffer.
less...
|
|
| BDSA-2026-7704 |
|
Medium |
Apr 22, 2026 |
libgphoto2 is vulnerable to an out-of-bounds read due to improper boundary validation in the `ptp_unpack_OI()` function. This could allow an attacker t
more...
libgphoto2 is vulnerable to an out-of-bounds read due to improper boundary validation in the `ptp_unpack_OI()` function. This could allow an attacker to disclose adjacent heap memory contents by sending a crafted PTP ObjectInfo response, potentially exposing sensitive data.
less...
|
|
| BDSA-2026-7703 |
|
Low |
Apr 22, 2026 |
libgphoto2 is vulnerable to buffer over-read due to improper bounds checking in the `ptp_unpack_EOS_FocusInfoEx` function. This could allow an attacker
more...
libgphoto2 is vulnerable to buffer over-read due to improper bounds checking in the `ptp_unpack_EOS_FocusInfoEx` function. This could allow an attacker to cause a denial-of-service (DoS) by crashing the library when processing input from untrusted USB devices.
less...
|
|
| BDSA-2026-7702 |
|
Medium |
Apr 22, 2026 |
libgphoto2 is vulnerable to out-of-bounds read due to insufficient bounds checking in the `ptp_unpack_DPV()` function within `ptp-pack.c`. This could a
more...
libgphoto2 is vulnerable to out-of-bounds read due to insufficient bounds checking in the `ptp_unpack_DPV()` function within `ptp-pack.c`. This could allow an attacker to disclose up to 16 bytes of adjacent heap memory by sending a crafted device property value with a smaller-than-expected buffer, potentially bypassing downstream bounds checks.
less...
|
|
| BDSA-2026-7701 |
|
Low |
Apr 22, 2026 |
libgphoto2 is vulnerable to a memory leak due to improper memory management in the `ptp_unpack_Sony_DPD` function. This could allow an attacker to caus
more...
libgphoto2 is vulnerable to a memory leak due to improper memory management in the `ptp_unpack_Sony_DPD` function. This could allow an attacker to cause unbounded memory consumption, leading to a denial-of-service (DoS) condition.
less...
|
|
| BDSA-2026-7700 |
|
Low |
Apr 22, 2026 |
libgphoto2 is vulnerable to improper null termination due to a missing null terminator in the `ptp_unpack_Canon_FE()` function. This could allow an att
more...
libgphoto2 is vulnerable to improper null termination due to a missing null terminator in the `ptp_unpack_Canon_FE()` function. This could allow an attacker to cause out-of-bounds reads during subsequent string operations, potentially leading to unintended behavior or information disclosure.
less...
|
|
| BDSA-2026-7699 |
|
Medium |
Apr 22, 2026 |
libgphoto2 is vulnerable to out-of-bounds read due to missing length validation in the `ptp_unpack_EOS_ImageFormat` and `ptp_unpack_EOS_CustomFuncEx` f
more...
libgphoto2 is vulnerable to out-of-bounds read due to missing length validation in the `ptp_unpack_EOS_ImageFormat` and `ptp_unpack_EOS_CustomFuncEx` functions. This could allow an attacker to disclose up to 1024 bytes of adjacent heap memory by sending a crafted EOS event response with a truncated buffer.
less...
|
|
