GHSA-q95h-cqrv-8jv5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-q95h-cqrv-8jv5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-q95h-cqrv-8jv5/GHSA-q95h-cqrv-8jv5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-q95h-cqrv-8jv5
- Published
- 2023-01-20T19:33:40Z
- Modified
- 2024-11-29T05:41:08.593672Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- ExifTool vulnerable to arbitrary code execution
- Details
-
Impact
Arbitrary code execution can occur when running
exiftoolagainst files with hostile metadata payloadsPatches
ExifTool has already been patched in version 12.24.
exiftool_vendored.rb, which vendors ExifTool, includes this patch in v12.25.0.Workarounds
No
References
https://twitter.com/wcbowling/status/1385803927321415687 https://nvd.nist.gov/vuln/detail/CVE-2021-22204
For more information
If you have any questions or comments about this advisory:
Open an issue in exiftool_vendored.rb
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-74" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-01-20T19:33:40Z" }- References
Affected packages
RubyGems / exiftool_vendored
Package
- Name
- exiftool_vendored
- Purl
- pkg:gem/exiftool_vendored
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed12.25.0
Affected versions
9.*
9.33.0
9.33.1
9.37.0
9.41.0
9.41.1
9.41.2
9.45.0
9.46.0
9.49.0
9.50.0
9.53.0
9.58.0
9.59.0
9.60.0
9.64.0
9.65.0
9.67.0
9.68.0
9.69.0
9.71.0
9.78.0
9.99.0
10.*
10.01.0
10.04.0
10.23.0
10.25.0
10.31.0
10.40.0
10.43.0
10.49.0
10.56.0
10.58.0
10.65.0
11.*
11.41.0
11.41.1
11.42.0
11.42.1
11.42.2
11.42.3
11.42.4
11.42.5
11.43.0
11.44.0
11.47.0
11.48.0
11.49.0
11.50.0
11.51.0
11.52.0
11.53.0
11.54.0
11.55.0
11.57.0
11.60.0
11.61.0
11.62.0
11.63.0
11.64.0
11.65.0
11.67.0
11.68.0
11.69.0
11.70.0
11.71.0
11.75.0
11.75.1
11.76.0
11.77.0
11.78.0
11.79.0
11.80.0
11.84.0
11.86.0
11.88.0
11.89.0
11.90.0
11.91.0
11.92.0
11.93.0
11.94.0
11.96.0
11.97.0
11.98.0
11.99.0
12.*
12.06.0
12.08.0
12.09.0
12.10.0
12.11.0
12.12.0
12.13.0
12.14.0
12.15.0
12.16.0
12.17.0
12.17.1
12.18.0
12.22.0