4 matches found
CVE-2021-22204
CVE-2021-22204: ExifTool versions 7.44 and later are vulnerable to arbitrary code execution when parsing a malicious image due to improper neutralization of user data in the DjVu file format. Several connected sources confirm this remote code execution vector within ExifTool’s handling of DjVu c...
CVE-2022-23935
ExifTool (lib/Image/ExifTool.pm) before 12.38 is affected by a faulty $file =~ /\|$/ check, enabling command injection. Affected component: ExifTool Perl library; vulnerability identified as CVE-2022-23935. Public advisories from Astra Linux and Alpine Linux/Fedora-based records c...
CVE-2018-20211
CVE-2018-20211 affects ExifTool v8.32. Local privilege escalation via DLL hijacking: an attacker creates a TEMP\par-%username%\cache-exiftool-8.32 folder and places a malicious ws32_32.dll there, allowing privilege gain when a victim runs the tool. Root cause is loading a DLL from a user-writable...
CVE-2026-3102
CVE-2026-3102 affects ExifTool up to 13.49 on macOS, specifically the SetMacOSTags function in lib/Image/ExifTool/MacOS.pm within the PNG File Parser. The vulnerability arises from manipulating the DateTimeOriginal argument, enabling an OS command injection. The issue is described as exploitable...