GHSA-cw26-7653-2rp5

Impact

exiftool-vendored starts ExifTool in -stay_open True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return inside one of those strings could split a single intended argument into multiple ExifTool arguments, allowing argument injection. The fix also rejects NUL bytes as unsafe control characters.

Applications that pass attacker-controlled strings to affected APIs may allow an attacker to make ExifTool read files accessible to the ExifTool process, or write output to attacker-chosen file system paths accessible to that process. No remote code execution has been demonstrated.

The reported write-path issue is caused by unsanitized tag keys. Tag values passed to ExifTool#write are not affected, because WriteTask already encodes whitespace characters in values (e.g. \n -> 
) before transmission.

Confirmed affected inputs:

• Tag-name arguments / tag keys — keys of the tags object passed to ExifTool#write; entries of the retain option to ExifTool#deleteAllTags; entries of the numericTags option to ExifTool#read; the tagname argument to ExifTool#extractBinaryTag and #extractBinaryTagToBuffer.
• Filename / path arguments to ExifTool#write, #read, #readRaw, #deleteAllTags, #rewriteAllTags, #extractBinaryTag, #extractBinaryTagToBuffer, and the binary-extraction convenience methods #extractJpgFromRaw, #extractPreview, and #extractThumbnail. path.resolve() does not strip newlines, so an application that accepts attacker-controlled filenames containing newline characters was vulnerable.
• The imageHashType option to ExifTool#read. TypeScript types restrict this to a literal union, but JS callers or callers with weakened type checking could reach the sink.

Applications that only pass hardcoded strings for tag names, options, and filenames are not affected.

Patches

Fixed in v35.19.0. Two layers of defense:

1. Per-site input validation. A new validateTagName helper rejects any tag-name string containing characters outside the ExifTool tag grammar (letters, digits, :, -, _, and the ExifTool modifiers *, ?, +, #). Applied at every tag-name interpolation site.
2. Defense-in-depth at the command renderer. ExifToolTask.renderCommand now rejects any argument containing \r, \n, or \0 before it is sent to the ExifTool process. This catches injection via filename arguments, option values, and any future interpolation site that forgets the per-site validator.

Workarounds

Upgrade to v35.19.0 or later.

If upgrading immediately is not possible, reject untrusted strings containing control characters before passing them to the affected APIs. Conservative guard:

function assertSafeForExifTool(s: string): void {
  if (typeof s !== "string" || /[\x00-\x20=<>]/.test(s)) {
    throw new Error("Rejected unsafe string for ExifTool");
  }
}

Apply to tag names, retain / numericTags entries, binary-extraction tag names, filenames, and the imageHashType option. This is a denylist and is strictly weaker than the library's internal validator; it is sufficient to block the known PoCs but will accept strings that the library itself now rejects.

Resources

• ExifTool -stay_open / argument-file documentation: https://exiftool.org/exiftoolpod.html#stayopen-FLAG
• ExifTool tag-name reference: https://exiftool.org/TagNames/
• CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') — https://cwe.mitre.org/data/definitions/88.html

Credit

• Reporter: Hank Tam
• Affiliation: Independent