Update libexif to 0.6.26 (security release) #2

Merged

sbelikov merged 1 commit from update-libexif-0.6.26 into niceos-5.2

2026-04-28 15:55:26 +03:00

sbelikov commented

2026-04-28 15:50:42 +03:00

Owner

Summary

Update libexif from 0.6.25 to 0.6.26.

Security Fixes:

CVE-2026-32775: Buffer overwrite via integer underflow in makernote handling.
CVE-2026-40385: Unsigned integer overflow on 32bit systems in Nikon makernote handling.
CVE-2026-40386: Unsigned integer underflow in Fuji and Olympus makernote handling.

Features:

Handle JPEG APP3 marker.
Added EXIF_TAG_IMAGE_DEPTH tag.

Details

This is a security-critical patch release addressing multiple vulnerabilities in EXIF metadata parsing.

References:

Upstream Release Notes: https://github.com/libexif/libexif/releases/tag/v0.6.26
NICE.O.S Issue: #1

Changes

Version: 0.6.25 → 0.6.26
Class: patch
Priority: high
Labels: security-release, upstream-update

### Summary Update `libexif` from 0.6.25 to 0.6.26. **Security Fixes:** - CVE-2026-32775: Buffer overwrite via integer underflow in makernote handling. - CVE-2026-40385: Unsigned integer overflow on 32bit systems in Nikon makernote handling. - CVE-2026-40386: Unsigned integer underflow in Fuji and Olympus makernote handling. **Features:** - Handle JPEG APP3 marker. - Added EXIF_TAG_IMAGE_DEPTH tag. ### Details This is a security-critical patch release addressing multiple vulnerabilities in EXIF metadata parsing. **References:** - Upstream Release Notes: https://github.com/libexif/libexif/releases/tag/v0.6.26 - NICE.O.S Issue: https://specs.niceos.ru/rpms/libexif/issues/1 ### Changes - **Version:** 0.6.25 → 0.6.26 - **Class:** patch - **Priority:** high - **Labels:** security-release, upstream-update

sbelikov added 1 commit

2026-04-28 15:50:42 +03:00