libgphoto2 is a camera access and control library
The libgphoto2 library has an out-of-bounds read vulnerability in the `ptp_unpack_Sony_DPD()` function, which can be exploited when processing certain camera data. This can cause the library to crash or potentially execute arbitrary code. The issue is fixed in a recent commit.
libgphoto2 is a camera access and control library. Versions up to and including 2.5.33 have an out-of-bounds read in `ptp_unpack_Sony_DPD()` in `camlibs/ptp2/ptp-pack.c` (line 842). The function reads the FormFlag byte via `dtoh8o(data, *poffset)` without a prior bounds check. The standard `ptp_unpack_DPD()` at lines 686–687 correctly validates `*offset + sizeof(uint8_t) > dpdlen` before this same read, but the Sony variant omits this check entirely. Commit 09f8a940b1e418b5693f5c11e3016a1ad2cea62d fixes the issue.
Developers using libgphoto2 to access and control cameras risk crashes or arbitrary code execution in their applications when processing untrusted camera data.
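The kind of length check the description says `ptp_unpack_DPD()` performs and the Sony variant omits, shown as an added example in C. It is not libgphoto2 code: the `demo_dpd` layout and the names `read_u8`, `read_u16le` and `demo_unpack` are hypothetical, the descriptor is simplified, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified descriptor for illustration only (NOT the real
 * Sony DPD layout): u16 property code, u16 data type, u8 FormFlag. */
typedef struct { uint16_t code, type; uint8_t form_flag; } demo_dpd;

/* Checked reads: refuse to touch bytes at or beyond len. Written as
 * "len - *off < n" so the comparison cannot wrap the way "*off + n" can. */
static int read_u8(const uint8_t *d, size_t len, size_t *off, uint8_t *out)
{
    if (*off > len || len - *off < sizeof(uint8_t))
        return 0;
    *out = d[(*off)++];
    return 1;
}

static int read_u16le(const uint8_t *d, size_t len, size_t *off, uint16_t *out)
{
    if (*off > len || len - *off < sizeof(uint16_t))
        return 0;
    *out = (uint16_t)(d[*off] | (d[*off + 1] << 8));
    *off += sizeof(uint16_t);
    return 1;
}

/* Returns 1 on success, 0 if the buffer ends before the descriptor does.
 * The unchecked pattern would be "dpd->form_flag = data[*off];" here. */
int demo_unpack(const uint8_t *data, size_t len, size_t *off, demo_dpd *dpd)
{
    return read_u16le(data, len, off, &dpd->code)
        && read_u16le(data, len, off, &dpd->type)
        && read_u8(data, len, off, &dpd->form_flag);
}

int main(void)
{
    /* Constructed sample bytes, not captured from a camera. */
    const uint8_t buf[] = { 0x0e, 0x50, 0x02, 0x00, 0x02 };
    demo_dpd d;
    size_t off = 0;
    printf("full: %d\n", demo_unpack(buf, sizeof buf, &off, &d));
    off = 0;
    printf("truncated before FormFlag: %d\n", demo_unpack(buf, 4, &off, &d));
    return 0;
}
```

When the buffer is cut one byte short, the parser returns an error with the offset left at the FormFlag position, so the caller can reject the descriptor instead of reading past the end of the data.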
Monitor & Review
Low severity — keep this CVE on your radar and patch during routine maintenance.
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L