Exiftool Project: Exiftool Security Vulnerabilities

lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection.
CVSS Score: 7.8 | EPSS Score: 0.354 | Published: 2022-01-25

CVE-2021-22204
Known exploited
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing a malicious image.
CVSS Score: 6.8 | EPSS Score: 0.931 | Published: 2021-04-23

ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015).
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2019-01-02

