Lucene search

Gentoo FoundationMGASA-2022-0381

HistoryOct 24, 2022 - 1:48 a.m.

Updated perl-Image-ExifTool packages fix security vulnerability

2022-10-2401:48:35

Gentoo Foundation

advisories.mageia.org

perl

image

exiftool

security

vulnerability

command injection

update

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

34.7%

JSON

lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /|$/ check, leading to command injection. (CVE-2022-23935)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchperl-image-exiftool< 12.0.0-1.2perl-Image-ExifTool-12.0.0-1.2.mga8

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	perl-image-exiftool	< 12.0.0-1.2	perl-Image-ExifTool-12.0.0-1.2.mga8

References

bugs.mageia.org/show_bug.cgi?id=29999

lists.fedoraproject.org/archives/list/[email protected]/thread/BKMOJHTMTSAYV7B2A27CBMM7IBAZIRWE/

CVSS2

7.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

34.7%

JSON

Related for MGASA-2022-0381