Search Results (Refine Search)
- CPE Product Version: cpe:/a:exiftool_project:exiftool:8.32
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-23935 |
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection. Published: January 25, 2022; 1:15:06 AM -0500 |
V3.1: 7.8 HIGH V2.0: 7.6 HIGH |
CVE-2021-22204 |
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image Published: April 23, 2021; 2:15:08 PM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2018-20211 |
ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015). Published: January 02, 2019; 1:29:01 PM -0500 |
V3.0: 7.8 HIGH V2.0: 6.8 MEDIUM |