Exiftoolproject Exiftool
By the Year
In 2024 there have been 0 vulnerabilities in Exiftoolproject Exiftool. Exiftool did not have any published security vulnerabilities last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 0 | 0.00 |
2022 | 1 | 7.80 |
2021 | 1 | 7.80 |
2020 | 0 | 0.00 |
2019 | 1 | 7.80 |
2018 | 0 | 0.00 |
It may take a day or so for new Exiftool vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Exiftoolproject Exiftool Security Vulnerabilities
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check
CVE-2022-23935
7.8 - High
- January 25, 2022
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection.
Shell injection
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up
CVE-2021-22204
7.8 - High
- April 23, 2021
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image.
Code Injection
ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username
CVE-2018-20211
7.8 - High
- January 02, 2019
ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015).
DLL preloading