PT-2026-36321 · Exiftool · Exiftool

Ilyass-Armadin

Published

2026-05-01

Updated

2026-05-09

CVE-2026-7580

CVSS v3.1

5.3

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions Exiftool versions prior to 13.54

Description Local code injection is possible through the manipulation of the -ee argument. The issue resides in the Process mrld() function within the lib/Image/ExifTool/GM.pm file, specifically affecting the JPEG, QuickTime, MOV, and MP4 components.

Recommendations Upgrade to version 13.54.

Fix

Special Elements Injection

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-94

Related Identifiers

CVE-2026-7580

OESA-2026-2222

OESA-2026-2223

OESA-2026-2224

Affected Products

Exiftool

PT-2026-36321 · Exiftool · Exiftool

CVE-2026-7580

Weakness Enumeration

Related Identifiers

Affected Products

References · 21