CVE-2026-7580

CVSS v3.1

5.3

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Exiftool versions prior to 13.54

Description Local code injection is possible through the manipulation of the -ee argument. The issue resides in the Process mrld() function within the lib/Image/ExifTool/GM.pm file, specifically affecting the JPEG, QuickTime, MOV, and MP4 components.

Recommendations Upgrade to version 13.54.

Fix

Special Elements Injection

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-94

Related Identifiers

CVE-2026-7580

Affected Products

Exiftool

CVE-2026-7580

Weakness Enumeration

Related Identifiers

Affected Products

References · 10