libgphoto2 is a camera access and control library
The libgphoto2 library has a memory leak bug in the ptp_unpack_Sony_DPD function, which can occur when processing certain camera data. The bug is caused by not freeing previously allocated memory, leading to memory leaks. This can cause issues over time, such as increased memory usage.
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have a memory leak in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (lines 884–885). When processing a secondary enumeration list (introduced in 2024+ Sony cameras), the function overwrites dpd->FORM.Enum.SupportedValue with a new calloc() without freeing the previous allocation from line 857. The original array and any string values it contains are leaked on every property descriptor parse. Commit 404ff02c75f3cb280196fc260a63c4d26cf1a8f6 fixes the issue.
Developers using libgphoto2 to access Sony cameras are at low risk of memory leaks, which can lead to increased memory usage over time, due to the physical attack vector.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
What should I do?
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
0
Affected Products
2
References
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability
Impact