Severity: high

    Arbitrary Code Execution

    exiftool-vendored

    Overview

    Impact

    Arbitrary code execution can occur when running exiftool against files with hostile metadata payloads.

    Patches

    ExifTool has already been patched in version 12.24. exiftool-vendored, which vendors ExifTool, includes this patch in v14.3.0.

    Workarounds

    No.

    Remediation

    Upgrade exiftool-vendored to version 14.3.0 or later.

    Advisory timeline

    1. published

      Advisory Published
      May 4th, 2021
    2. reported

      Reported by Anonymous
      May 4th, 2021