VYPR

Exiftool

by Exiftool

Source repositories

CVEs (5)

  • CVE-2026-3102MedFeb 24, 2026
    risk 0.34cvss 6.3epss 0.03

    A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is…

  • CVE-2026-7580MedMay 1, 2026
    risk 0.27cvss 5.3epss 0.00

    A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Process_mrld of the file lib/Image/ExifTool/GM.pm of the component JPEG/QuickTime/MOV/MP4. The manipulation of the argument -ee results in code injection. Attacking locally is a requirement. Upgrading…

  • CVE-2021-22204KEVApr 23, 2021
    risk 0.23cvss epss 1.00

    Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

  • CVE-2022-23935Jan 25, 2022
    risk 0.01cvss epss 0.08

    lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection.

  • CVE-2018-20211Jan 2, 2019
    risk 0.00cvss epss 0.01

    ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010…