{"id":"JLSEC-2026-150","details":"libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow.","modified":"2026-04-17T16:02:44.072279Z","published":"2026-04-17T15:47:23.992Z","upstream":["CVE-2026-32775","EUVD-2026-12345"],"database_specific":{"sources":[{"imported":"2026-04-17T15:20:46.421Z","html_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-32775","id":"CVE-2026-32775","published":"2026-03-16T14:19:44.413Z","modified":"2026-03-16T14:53:07.390Z","database_specific":{"status":"Undergoing Analysis"},"url":"https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-32775"},{"imported":"2026-04-17T15:20:44.742Z","html_url":"https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-12345","id":"EUVD-2026-12345","modified":"2026-04-12T18:23:28Z","published":"2026-03-16T06:31:36Z","url":"https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-12345"}],"license":"CC-BY-4.0"},"references":[{"type":"WEB","url":"https://github.com/libexif/libexif/commit/7df372e9d31d7c993a22b913c813a5f7ec4f3692"},{"type":"WEB","url":"https://github.com/libexif/libexif/issues/247"}],"affected":[{"package":{"name":"libexif_jll","ecosystem":"Julia","purl":"pkg:julia/libexif_jll?uuid=cdeeb48b-bcdf-5b3f-98c4-7a29487f695f"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.6.26+0"}]}],"database_specific":{"source":"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-150.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}