Vulnerabilities > Exiftool Project
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-25 | CVE-2022-23935 | OS Command Injection vulnerability in Exiftool Project Exiftool lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection. | 7.8 |
2021-04-23 | CVE-2021-22204 | Code Injection vulnerability in multiple products Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image | 7.8 |
2019-01-02 | CVE-2018-20211 | Uncontrolled Search Path Element vulnerability in Exiftool Project Exiftool 8.32 ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. | 6.8 |