{"id":"CVE-2026-32775","details":"libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.","modified":"2026-04-10T05:43:04.094628Z","published":"2026-03-16T14:19:44.413Z","references":[{"type":"REPORT","url":"https://github.com/libexif/libexif/issues/247"},{"type":"FIX","url":"https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libexif/libexif","events":[{"introduced":"0"},{"last_affected":"e99f14785ef02ee249bccbad8a97595eadbab810"},{"fixed":"7df372e9d31d7c993a22b913c813a5f7ec4f3692"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.6.25"}]}}],"versions":["cvs-migration","libexif-0_5_7-rc2","libexif-0_5_7-rc3","libexif-0_5_7-rc4","libexif-0_5_7-release","libexif-0_5_9-release","libexif-0_6_12-release","libexif-0_6_14-release","libexif-0_6_15-release","libexif-0_6_16-release","libexif-0_6_17-release","libexif-0_6_18-release","libexif-0_6_19-release","libexif-0_6_20-release","libexif-0_6_21-release","libexif-0_6_22-release","libexif-0_6_23-release","libexif-0_6_24-release","libexif-0_6_25-release","libexif-before-0_6_0-api-change","v0.6.23","v0.6.24","v0.6.25"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-32775.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}