Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/05/11 8:59 p.m.33 views

CVE-2026-43893 exiftool-vendored: Argument injection via newline characters in tag names

exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...

8.2CVSS0.00485EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.8 views

exiftool-vendored 参数注入漏洞

exiftool-vendored is a cross-platform image metadata reading and writing tool developed by PhotoStructure. Versions of exiftool-vendored prior to 35.19.0 had a parameter injection vulnerability. This vulnerability occurred when ExifTool was executed in the “-stayopen True -” mode, where strings...

8.2CVSS5.8AI score0.00485EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/05 7:53 p.m.10 views

exiftool-vendored vulnerable to argument injection via newline characters in tag names

Impact exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return inside one of tho...

8.2CVSS6.4AI score0.00485EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.14 views

PT-2026-37303

Name of the Vulnerable Software and Affected Versions exiftool-vendored versions prior to 35.19.0 Description Certain strings provided by the caller are interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return within these strings can split a single...

8.2CVSS5.8AI score0.00485EPSS
Exploits0References6
Rows per page
Query Builder