libgphoto2 is a camera access and control library
The libgphoto2 library has an out-of-bounds read bug in the ptp_unpack_DPV function, which can occur when processing certain camera data. The bug is caused by not checking if there are enough bytes left in the buffer before reading 16 bytes. This can lead to crashes or data corruption.
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_DPV()` in `camlibs/ptp2/ptp-pack.c` (lines 622–629). The UINT128 and INT128 cases advance `*offset += 16` without verifying that 16 bytes remain in the buffer. The entry check at line 609 only guarantees `*offset < total` (at least 1 byte available), leaving up to 15 bytes unvalidated. Commit 433bde9888d70aa726e32744cd751d7dbe94379a patches the issue.
Developers using libgphoto2 to access cameras are at medium risk of out-of-bounds reads, which can lead to crashes or data corruption, due to the physical attack vector.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
What should I do?
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
0
Affected Products
2
References
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Exploitability
Impact