exiftool-vendored vulnerable to argument injection via newline characters in tag names

Impact exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return inside one of tho...

GHSA-CW26-7653-2RP5 exiftool-vendored vulnerable to argument injection via newline characters in tag names

Impact exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return inside one of tho...

PT-2026-37303

Name of the Vulnerable Software and Affected Versions exiftool-vendored versions prior to 35.19.0 Description Certain strings provided by the caller are interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return within these strings can split a single...

PT-2025-47923

Name of the Vulnerable Software and Affected Versions Fluent Bit versions affected versions not specified Description The in http, in splunk, and in elasticsearch input plugins in Fluent Bit do not properly sanitize tag key inputs. An attacker who can access the network or write records to Splunk...