ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starti...
7.8CVSS
7.6AI Score
0.001EPSS
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /|$/ check, leading to command injection.
7.8CVSS
7.6AI Score
0.001EPSS