Vulnerabilities > Exiftool Project

Date: 2022-01-25
CVE: CVE-2022-23935
Vulnerability title: OS Command Injection vulnerability in Exiftool Project Exiftool
Description: lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection.
Tags: local, low complexity, exiftool-project, CWE-78
Risk: 7.8

Date: 2021-04-23
CVE: CVE-2021-22204
Vulnerability title: Code Injection vulnerability in multiple products
Description: Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image.
Risk: 7.8

Date: 2019-01-02
CVE: CVE-2018-20211
Vulnerability title: Uncontrolled Search Path Element vulnerability in Exiftool Project Exiftool 8.32
Description: ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking.
Tags: local, low complexity, exiftool-project, CWE-427
Risk: 7.8