libgphoto2 Memory Leak Vulnerability in PTP Unpacking Function for Sony Cameras
Vulnerability
libgphoto2 through version 2.5.33 contains a memory leak in the PTP unpacking function for Sony devices. The leak is triggered when the function processes the secondary enumeration list sent by 2024 and later models: it overwrites the 'SupportedValue' field with a new allocation without freeing the previous one, so the original array and any string values it contained are leaked each time a property descriptor is parsed. A malicious device can exploit this by sending repeated property descriptor responses, causing unbounded memory growth and eventual resource exhaustion in the host process.
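The overwrite-without-free pattern described above, as an added C example that is neither libgphoto2's code nor the patch in commit 404ff02. It uses a simplified, hypothetical descriptor model (`prop_desc`, `unpack_enum`, `leaked_after` and the sample values are assumptions) and counts the allocations left outstanding with and without releasing the previous list first.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model, not libgphoto2's code; supported[] stands in for 'SupportedValue'. */
typedef struct { char *str; } prop_value;
typedef struct { unsigned count; prop_value *supported; } prop_desc;
static long live;  /* outstanding allocations, tracked for the demo */
static void *t_calloc(size_t n, size_t sz) { void *p = calloc(n, sz); if (p) live++; return p; }
static void t_free(void *p) { if (p) { live--; free(p); } }

static void free_supported(prop_desc *d) {   /* release the array and every string it owns */
    for (unsigned i = 0; i < d->count; i++) t_free(d->supported[i].str);
    t_free(d->supported);
    d->supported = NULL; d->count = 0;
}

/* Unpack one enumeration list; release_old == 0 reproduces the leak pattern. */
static int unpack_enum(prop_desc *d, const char *const *vals, unsigned n, int release_old) {
    if (release_old) free_supported(d);          /* the fix: drop the previous list first */
    prop_value *arr = t_calloc(n, sizeof *arr);
    if (!arr) return -1;
    d->supported = arr; d->count = 0;            /* old pointer is lost here unless released */
    for (unsigned i = 0; i < n; i++) {
        size_t len = strlen(vals[i]) + 1;
        if (!(arr[i].str = t_calloc(1, len))) return -1;  /* caller frees the partial list */
        memcpy(arr[i].str, vals[i], len);
        d->count++;
    }
    return 0;
}

/* Parse `rounds` descriptors (constructed values); returns allocations still outstanding. */
long leaked_after(int rounds, int release_old) {
    static const char *const primary[] = { "100", "200" };
    static const char *const secondary[] = { "100", "200", "400" };
    live = 0;
    for (int r = 0; r < rounds; r++) {
        prop_desc d = { 0, NULL };
        if (unpack_enum(&d, primary, 2, release_old) == 0)
            unpack_enum(&d, secondary, 3, release_old);  /* second list for the same property */
        free_supported(&d);                              /* normal end-of-descriptor cleanup */
    }
    return live;
}

int main(void) {
    printf("leaky: %ld  fixed: %ld\n", leaked_after(100, 0), leaked_after(100, 1));
    return 0;
}
```

On Linux, building it with `-fsanitize=address` makes the leaky path appear as a LeakSanitizer report at exit.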
Impact
Exploitation of this vulnerability leads to heap memory exhaustion: the host process consumes an uncontrolled amount of memory, potentially causing it to run out of available resources.
Remediation
Users can apply the patch available in commit 404ff02 to address this vulnerability.
