Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

gphoto — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting gphoto. AI-powered Chinese analysis, POCs, and references for each vulnerability.

gphoto serves as an open-source suite for controlling cameras remotely via command-line and graphical interfaces, primarily used in photography workflows. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and insecure default configurations. The project maintains a moderate security posture with eight recorded CVEs, though no major public incidents have been documented. Regular updates address discovered flaws, but users should remain vigilant about potential exploitation vectors, particularly in network-deployed environments where unauthorized access could compromise connected devices.

Top products by gphoto: libgphoto2
CVE IDTitleCVSSSeverityPublished
CVE-2026-40341 libgphoto2 has an OOB Read in ptp_unpack_EOS_FocusInfoEx — libgphoto2CWE-126 3.5 Low2026-04-17
CVE-2026-40340 libgphoto2 has OOB read in ptp_unpack_OI() in ptp-pack.c via malicious PTP ObjectInfo response — libgphoto2CWE-125 6.1 Medium2026-04-17
CVE-2026-40339 libgphoto2 has OOB read in ptp_unpack_Sony_DPD() FormFlag parsing in ptp-pack.c — libgphoto2CWE-125 5.2 Medium2026-04-17
CVE-2026-40338 libgphoto2 has OOB read in ptp_unpack_Sony_DPD() enumeration count parsing in ptp-pack.c — libgphoto2CWE-125 5.2 Medium2026-04-17
CVE-2026-40336 libgphoto2 has memory leak in ptp_unpack_Sony_DPD() secondary enumeration list in ptp-pack.c — libgphoto2CWE-401 2.4 Low2026-04-17
CVE-2026-40335 libgphoto2 has OOB read in ptp_unpack_DPV() UINT128/INT128 handling in ptp-pack.c — libgphoto2CWE-125 5.2 Medium2026-04-17
CVE-2026-40334 libgphoto2 missing null termination in ptp_unpack_Canon_FE() filename buffer in ptp-pack.c — libgphoto2CWE-170 3.5 Low2026-04-17
CVE-2026-40333 libgphoto2 has OOB read in ptp_unpack_EOS_ImageFormat() and ptp_unpack_EOS_CustomFuncEx() due to missing length parameter in ptp-pack.c — libgphoto2CWE-125 6.1 Medium2026-04-17

This page lists every published CVE security advisory associated with gphoto. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.