PT-2022-16352 · Exiftool+3

Published: 2021-05-27 · Updated: 2024-09-10 · CVE-2022-23935

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ExifTool versions prior to 12.38

Description

The issue arises from the mishandling of a $file =~ /\|$/ check in lib/Image/ExifTool.pm, leading to command injection.

Recommendations

For versions prior to 12.38, update to version 12.38 or later to resolve the issue.

Exploit

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

ALT-PU-2021-1867
ALT-PU-2022-2010
ALT-PU-2022-2517
ALT-PU-2024-12214
CVE-2022-23935
MGASA-2022-0381
OPENSUSE-SU-2024:11794-1

Affected Products

Alt Linux
Astra Linux
Debian
Exiftool