An update for libexif is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-24.03-LTS-SP3 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-1987 Final 1.0 1.0 2026-04-17 Initial 2026-04-17 2026-04-17 openEuler SA Tool V1.0 2026-04-17 libexif security update An update for libexif is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-24.03-LTS-SP3 Most digital cameras produce EXIF files, which are JPEG files with extra tags that contain information about the image. The EXIF library allows you to parse an EXIF file and read the data from those tags. Security Fix(es): In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems.(CVE-2026-40385) In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs.(CVE-2026-40386) An update for libexif is now available for openEuler-20.03-LTS-SP4,openEuler-22.03-LTS-SP4,openEuler-24.03-LTS,openEuler-24.03-LTS-SP1,openEuler-24.03-LTS-SP2,openEuler-24.03-LTS-SP3. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium libexif https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1987 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-40385 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-40386 https://nvd.nist.gov/vuln/detail/CVE-2026-40385 https://nvd.nist.gov/vuln/detail/CVE-2026-40386 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-24.03-LTS-SP3 libexif-help-0.6.21-28.oe2003sp4.noarch.rpm libexif-help-0.6.22-7.oe2203sp4.noarch.rpm libexif-help-0.6.24-3.oe2403.noarch.rpm libexif-help-0.6.24-3.oe2403sp1.noarch.rpm libexif-help-0.6.24-3.oe2403sp2.noarch.rpm libexif-help-0.6.24-3.oe2403sp3.noarch.rpm libexif-0.6.21-28.oe2003sp4.aarch64.rpm libexif-debuginfo-0.6.21-28.oe2003sp4.aarch64.rpm libexif-debugsource-0.6.21-28.oe2003sp4.aarch64.rpm libexif-devel-0.6.21-28.oe2003sp4.aarch64.rpm libexif-0.6.22-7.oe2203sp4.aarch64.rpm libexif-debuginfo-0.6.22-7.oe2203sp4.aarch64.rpm libexif-debugsource-0.6.22-7.oe2203sp4.aarch64.rpm libexif-devel-0.6.22-7.oe2203sp4.aarch64.rpm libexif-0.6.24-3.oe2403.aarch64.rpm libexif-debuginfo-0.6.24-3.oe2403.aarch64.rpm libexif-debugsource-0.6.24-3.oe2403.aarch64.rpm libexif-devel-0.6.24-3.oe2403.aarch64.rpm libexif-0.6.24-3.oe2403sp1.aarch64.rpm libexif-debuginfo-0.6.24-3.oe2403sp1.aarch64.rpm libexif-debugsource-0.6.24-3.oe2403sp1.aarch64.rpm libexif-devel-0.6.24-3.oe2403sp1.aarch64.rpm libexif-0.6.24-3.oe2403sp2.aarch64.rpm libexif-debuginfo-0.6.24-3.oe2403sp2.aarch64.rpm libexif-debugsource-0.6.24-3.oe2403sp2.aarch64.rpm libexif-devel-0.6.24-3.oe2403sp2.aarch64.rpm libexif-0.6.24-3.oe2403sp3.aarch64.rpm libexif-debuginfo-0.6.24-3.oe2403sp3.aarch64.rpm libexif-debugsource-0.6.24-3.oe2403sp3.aarch64.rpm libexif-devel-0.6.24-3.oe2403sp3.aarch64.rpm libexif-0.6.21-28.oe2003sp4.src.rpm libexif-0.6.22-7.oe2203sp4.src.rpm libexif-0.6.24-3.oe2403.src.rpm libexif-0.6.24-3.oe2403sp1.src.rpm libexif-0.6.24-3.oe2403sp2.src.rpm libexif-0.6.24-3.oe2403sp3.src.rpm libexif-0.6.21-28.oe2003sp4.x86_64.rpm libexif-debuginfo-0.6.21-28.oe2003sp4.x86_64.rpm libexif-debugsource-0.6.21-28.oe2003sp4.x86_64.rpm libexif-devel-0.6.21-28.oe2003sp4.x86_64.rpm libexif-0.6.22-7.oe2203sp4.x86_64.rpm libexif-debuginfo-0.6.22-7.oe2203sp4.x86_64.rpm libexif-debugsource-0.6.22-7.oe2203sp4.x86_64.rpm libexif-devel-0.6.22-7.oe2203sp4.x86_64.rpm libexif-0.6.24-3.oe2403.x86_64.rpm libexif-debuginfo-0.6.24-3.oe2403.x86_64.rpm libexif-debugsource-0.6.24-3.oe2403.x86_64.rpm libexif-devel-0.6.24-3.oe2403.x86_64.rpm libexif-0.6.24-3.oe2403sp1.x86_64.rpm libexif-debuginfo-0.6.24-3.oe2403sp1.x86_64.rpm libexif-debugsource-0.6.24-3.oe2403sp1.x86_64.rpm libexif-devel-0.6.24-3.oe2403sp1.x86_64.rpm libexif-0.6.24-3.oe2403sp2.x86_64.rpm libexif-debuginfo-0.6.24-3.oe2403sp2.x86_64.rpm libexif-debugsource-0.6.24-3.oe2403sp2.x86_64.rpm libexif-devel-0.6.24-3.oe2403sp2.x86_64.rpm libexif-0.6.24-3.oe2403sp3.x86_64.rpm libexif-debuginfo-0.6.24-3.oe2403sp3.x86_64.rpm libexif-debugsource-0.6.24-3.oe2403sp3.x86_64.rpm libexif-devel-0.6.24-3.oe2403sp3.x86_64.rpm In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems. 2026-04-17 CVE-2026-40385 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-24.03-LTS-SP3 Medium 4.0 AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L libexif security update 2026-04-17 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1987 In libexif through 0.6.25, an integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs. 2026-04-17 CVE-2026-40386 openEuler-20.03-LTS-SP4 openEuler-22.03-LTS-SP4 openEuler-24.03-LTS openEuler-24.03-LTS-SP1 openEuler-24.03-LTS-SP2 openEuler-24.03-LTS-SP3 Medium 4.0 AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L libexif security update 2026-04-17 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-1987