libgphoto2 is a camera access and control library
The libgphoto2 library has an out-of-bounds read bug in the ptp_unpack_Sony_DPD function, which can occur when processing certain camera data. The bug is caused by not checking if there are enough bytes left in the buffer before reading 2 bytes. This can lead to crashes or data corruption.
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in the PTP_DPFF_Enumeration case of `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (line 856). The function reads a 2-byte enumeration count N via `dtoh16o(data, *poffset)` without verifying that 2 bytes remain in the buffer. The standard `ptp_unpack_DPD()` at line 704 has this exact check, confirming the Sony variant omitted it by oversight. Commit 3b9f9696be76ae51dca983d9dd8ce586a2561845 fixes the issue.
Developers using libgphoto2 to access Sony cameras are at medium risk of out-of-bounds reads, which can lead to crashes or data corruption, due to the physical attack vector.
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
What should I do?
Published
CVE disclosed publicly
Last Modified
Most recent update
Indexed to CVEInsight
Added to this platform
AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
0
Affected Products
2
References
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Exploitability
Impact