ExifTool vulnerable to arbitrary code execution
Arbitrary code execution can occur when running exiftool against files with hostile metadata payloads.
ExifTool has already been patched in version 12.24.
exiftool_vendored.rb, which vendors ExifTool, includes this patch in v12.25.0.
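One way to check a project against the fixed version stated above, as an added example (not code from the advisory or from exiftool_vendored.rb). The helper names and the sample Gemfile.lock text are constructed for illustration; only the gem name and the 12.25.0 threshold come from this page.

```ruby
require "rubygems" # Gem::Version

# First exiftool_vendored release that includes the patch, per the advisory.
FIXED_VENDORED_VERSION = Gem::Version.new("12.25.0")

# Constructed sample Gemfile.lock content (other gems and versions are made up).
SAMPLE_LOCKFILE = <<LOCK
GEM
  remote: https://rubygems.org/
  specs:
    exiftool_vendored (12.22.0)
      exiftool (>= 0.7.0)
    json (2.6.3)

PLATFORMS
  ruby

DEPENDENCIES
  exiftool_vendored (~> 12.0)
LOCK

# Resolved gems appear under "specs:" indented exactly four spaces as
# "name (version)". Deeper-indented lines are dependency constraints and the
# DEPENDENCIES section uses two spaces, so neither is mistaken for a pin.
def locked_exiftool_vendored_versions(lockfile_text)
  lockfile_text.each_line.map do |line|
    m = line.match(/\A {4}exiftool_vendored \(([^)\s]+)\)\s*\z/)
    next unless m && Gem::Version.correct?(m[1])
    Gem::Version.new(m[1])
  end.compact
end

# Versions pinned below the fixed release still vendor an unpatched ExifTool.
def vulnerable_versions(lockfile_text)
  locked_exiftool_vendored_versions(lockfile_text)
    .select { |v| v < FIXED_VENDORED_VERSION }
end

vulnerable_versions(SAMPLE_LOCKFILE).each do |v|
  puts "exiftool_vendored #{v} is below #{FIXED_VENDORED_VERSION}: upgrade"
end
```

This only covers the vendored gem; a system-installed ExifTool needs its own check against 12.24.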
For more information
If you have any questions or comments about this advisory:
Open an issue in exiftool_vendored.rb
Permalink: https://github.com/advisories/GHSA-q95h-cqrv-8jv5
Source: GitHub Advisory Database
Published: 9 days ago
Updated: 9 days ago
CVSS Score: 7.8
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Fixed in: 12.25.0