Red Hat Product Errata RHSA-2026:22529 - Security Advisory Issued: 2026-06-02 Updated: 2026-06-02 RHSA-2026:22529 - Security Advisory Overview Updated Packages Synopsis Moderate: libexif security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for libexif is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The libexif packages provide a library for extracting extra information from image files. Security Fix(es): libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding (CVE-2026-40386) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat CodeReady Linux Builder for x86_64 10 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le Red Hat CodeReady Linux Builder for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x Fixes BZ - 2457689 - CVE-2026-40386 libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding CVEs CVE-2026-40386 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM libexif-0.6.24-9.el10_2.1.src.rpm SHA-256: 87560bdb8cdfef20b2deb88a6ff62ff1df6726eb1ca98840320fc68bdfec7bc1 x86_64 libexif-0.6.24-9.el10_2.1.x86_64.rpm SHA-256: d10d90b59dd52541643258dc9d55f2a058ceae35e607e9016b4d9f946b54db6f libexif-debuginfo-0.6.24-9.el10_2.1.x86_64.rpm SHA-256: 26078f6b5034cd6856dfde6ec50257aa30a3a30a074e78ddad47226890fbaf8c libexif-debugsource-0.6.24-9.el10_2.1.x86_64.rpm SHA-256: eec3875cd0daa1ab41d8f9cd24e832582443c2293ba5dd4028dd3ea679fa110a Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 SRPM libexif-0.6.24-9.el10_2.1.src.rpm SHA-256: 87560bdb8cdfef20b2deb88a6ff62ff1df6726eb1ca98840320fc68bdfec7bc1 x86_64 libexif-0.6.24-9.el10_2.1.x86_64.rpm SHA-256: d10d90b59dd52541643258dc9d55f2a058ceae35e607e9016b4d9f946b54db6f libexif-debuginfo-0.6.24-9.el10_2.1.x86_64.rpm SHA-256: 26078f6b5034cd6856dfde6ec50257aa30a3a30a074e78ddad47226890fbaf8c libexif-debugsource-0.6.24-9.el10_2.1.x86_64.rpm SHA-256: eec3875cd0daa1ab41d8f9cd24e832582443c2293ba5dd4028dd3ea679fa110a Red Hat Enterprise Linux for IBM z Systems 10 SRPM libexif-0.6.24-9.el10_2.1.src.rpm SHA-256: 87560bdb8cdfef20b2deb88a6ff62ff1df6726eb1ca98840320fc68bdfec7bc1 s390x libexif-0.6.24-9.el10_2.1.s390x.rpm SHA-256: e81ade0cc89e264c91e633f9e85c26e27d76fcf58d61310bcc8c13d921c0c1df libexif-debuginfo-0.6.24-9.el10_2.1.s390x.rpm SHA-256: 72b5febc3a63b67a8717a73a9d440a134f816e0343ff7fb51395768789f60b98 libexif-debugsource-0.6.24-9.el10_2.1.s390x.rpm SHA-256: 6ac6d22ad4d61f6c8f88a3c92bb4082fff535427c6bdd0a633e547f27c08fed7 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 SRPM libexif-0.6.24-9.el10_2.1.src.rpm SHA-256: 87560bdb8cdfef20b2deb88a6ff62ff1df6726eb1ca98840320fc68bdfec7bc1 s390x libexif-0.6.24-9.el10_2.1.s390x.rpm SHA-256: e81ade0cc89e264c91e633f9e85c26e27d76fcf58d61310bcc8c13d921c0c1df libexif-debuginfo-0.6.24-9.el10_2.1.s390x.rpm SHA-256: 72b5febc3a63b67a8717a73a9d440a134f816e0343ff7fb51395768789f60b98 libexif-debugsource-0.6.24-9.el10_2.1.s390x.rpm SHA-256: 6ac6d22ad4d61f6c8f88a3c92bb4082fff535427c6bdd0a633e547f27c08fed7 Red Hat Enterprise Linux for Power, little endian 10 SRPM libexif-0.6.24-9.el10_2.1.src.rpm SHA-256: 87560bdb8cdfef20b2deb88a6ff62ff1df6726eb1ca98840320fc68bdfec7bc1 ppc64le libexif-0.6.24-9.el10_2.1.ppc64le.rpm SHA-256: fb9825b1ebd251e413933e772b20d6292936254e2fa6a146347c8fbf750c3747 libexif-debuginfo-0.6.24-9.el10_2.1.ppc64le.rpm SHA-256: 308b4b1463d63d103a0b9d754fa40fc7b6fa2f455d60ee33471ca6a3e14b900d libexif-debugsource-0.6.24-9.el10_2.1.ppc64le.rpm SHA-256: 45256e05e9fcf4148174d9614d7709261645c44d93e4730caecd9ba1e11ac6db Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 SRPM libexif-0.6.24-9.el10_2.1.src.rpm SHA-256: 87560bdb8cdfef20b2deb88a6ff62ff1df6726eb1ca98840320fc68bdfec7bc1 ppc64le libexif-0.6.24-9.el10_2.1.ppc64le.rpm SHA-256: fb9825b1ebd251e413933e772b20d6292936254e2fa6a146347c8fbf750c3747 libexif-debuginfo-0.6.24-9.el10_2.1.ppc64le.rpm SHA-256: 308b4b1463d63d103a0b9d754fa40fc7b6fa2f455d60ee33471ca6a3e14b900d libexif-debugsource-0.6.24-9.el10_2.1.ppc64le.rpm SHA-256: 45256e05e9fcf4148174d9614d7709261645c44d93e4730caecd9ba1e11ac6db Red Hat Enterprise Linux for ARM 64 10 SRPM libexif-0.6.24-9.el10_2.1.src.rpm SHA-256: 87560bdb8cdfef20b2deb88a6ff62ff1df6726eb1ca98840320fc68bdfec7bc1 aarch64 libexif-0.6.24-9.el10_2.1.aarch64.rpm SHA-256: 10e35339b3509e55df9ba43cdf47efffbdc7e5fd41bff26525ad9a0257ca6a55 libexif-debuginfo-0.6.24-9.el10_2.1.aarch64.rpm SHA-256: 451d807e06d97dd3dd9f24615788887b16e86d60da84c36edec57198f533b6bc libexif-debugsource-0.6.24-9.el10_2.1.aarch64.rpm SHA-256: b2ab16df7aa5b89cd859fa149d485536a0cc118f7eb63b8e0188be2834511f28 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 SRPM libexif-0.6.24-9.el10_2.1.src.rpm SHA-256: 87560bdb8cdfef20b2deb88a6ff62ff1df6726eb1ca98840320fc68bdfec7bc1 aarch64 libexif-0.6.24-9.el10_2.1.aarch64.rpm SHA-256: 10e35339b3509e55df9ba43cdf47efffbdc7e5fd41bff26525ad9a0257ca6a55 libexif-debuginfo-0.6.24-9.el10_2.1.aarch64.rpm SHA-256: 451d807e06d97dd3dd9f24615788887b16e86d60da84c36edec57198f533b6bc libexif-debugsource-0.6.24-9.el10_2.1.aarch64.rpm SHA-256: b2ab16df7aa5b89cd859fa149d485536a0cc118f7eb63b8e0188be2834511f28 Red Hat CodeReady Linux Builder for x86_64 10 SRPM x86_64 libexif-debuginfo-0.6.24-9.el10_2.1.x86_64.rpm SHA-256: 26078f6b5034cd6856dfde6ec50257aa30a3a30a074e78ddad47226890fbaf8c libexif-debugsource-0.6.24-9.el10_2.1.x86_64.rpm SHA-256: eec3875cd0daa1ab41d8f9cd24e832582443c2293ba5dd4028dd3ea679fa110a libexif-devel-0.6.24-9.el10_2.1.x86_64.rpm SHA-256: cba5bad311389ef135c6c0372ab91ed6904933104c59b4454c44036b17a8f583 libexif-doc-0.6.24-9.el10_2.1.x86_64.rpm SHA-256: 2eeeed0fe24e7e18c12186316b0d72f7aa9e832008573ccf7f2a843a76e974ad Red Hat CodeReady Linux Builder for Power, little endian 10 SRPM ppc64le libexif-debuginfo-0.6.24-9.el10_2.1.ppc64le.rpm SHA-256: 308b4b1463d63d103a0b9d754fa40fc7b6fa2f455d60ee33471ca6a3e14b900d libexif-debugsource-0.6.24-9.el10_2.1.ppc64le.rpm SHA-256: 45256e05e9fcf4148174d9614d7709261645c44d93e4730caecd9ba1e11ac6db libexif-devel-0.6.24-9.el10_2.1.ppc64le.rpm SHA-256: 3e7805f8fd67df1fc711b4e3723cc032b79616bc9e2250c87be1bf0c7eb1d55c libexif-doc-0.6.24-9.el10_2.1.ppc64le.rpm SHA-256: 4f34c3136036948029b5d818f1e77e852f7b0d52a485e00a0b61ad3a11406156 Red Hat CodeReady Linux Builder for ARM 64 10 SRPM aarch64 libexif-debuginfo-0.6.24-9.el10_2.1.aarch64.rpm SHA-256: 451d807e06d97dd3dd9f24615788887b16e86d60da84c36edec57198f533b6bc libexif-debugsource-0.6.24-9.el10_2.1.aarch64.rpm SHA-256: b2ab16df7aa5b89cd859fa149d485536a0cc118f7eb63b8e0188be2834511f28 libexif-devel-0.6.24-9.el10_2.1.aarch64.rpm SHA-256: 6973510637b286ba5c20d0c7e2be7a3cce06348a75fa1edef769b09312a6b7da libexif-doc-0.6.24-9.el10_2.1.aarch64.rpm SHA-256: e454297c1b34cc392f101bd4b8ec066f26eda24d3c60d9e37951a2c67c4d4e2b Red Hat CodeReady Linux Builder for IBM z Systems 10 SRPM s390x libexif-debuginfo-0.6.24-9.el10_2.1.s390x.rpm SHA-256: 72b5febc3a63b67a8717a73a9d440a134f816e0343ff7fb51395768789f60b98 libexif-debugsource-0.6.24-9.el10_2.1.s390x.rpm SHA-256: 6ac6d22ad4d61f6c8f88a3c92bb4082fff535427c6bdd0a633e547f27c08fed7 libexif-devel-0.6.24-9.el10_2.1.s390x.rpm SHA-256: 893e2be7cc6b65f853b8d37b83d85fd06cab4c4b71e2144153d9fd9d9b360f6a libexif-doc-0.6.24-9.el10_2.1.s390x.rpm SHA-256: 3033e289bedd7905c35679ebf288f12fa02ae8bcac13c66a8905a7457fd7fb03 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 SRPM x86_64 libexif-debuginfo-0.6.24-9.el10_2.1.x86_64.rpm SHA-256: 26078f6b5034cd6856dfde6ec50257aa30a3a30a074e78ddad47226890fba