Nixpkgs security tracker
6.3 MEDIUM
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
8 packages
- haskellPackages.exiftool
- perlPackages.ImageExifTool
- perl5Packages.ImageExifTool
- python312Packages.pyexiftool
- python313Packages.pyexiftool
- python314Packages.pyexiftool
- perl538Packages.ImageExifTool
- perl540Packages.ImageExifTool
- @LeSuisse accepted
- @LeSuisse published on GitHub
exiftool PNG File MacOS.pm SetMacOSTags os command injection
A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 13.50 is capable of addressing this issue. Patch name: e9609a9bcc0d32bd252a709a562fb822d6dd86f7. Upgrading the affected component is recommended.
References
-
VDB-347528 | exiftool PNG File MacOS.pm SetMacOSTags os command injection vdb-entrytechnical-description
-
-
Submit #758146 | Exiftool 13.49 Arbitrary Code Execution third-party-advisory
-
https://www.youtube.com/watch?v=akk0vmilfb4 media-coverage
Affected products
- ==13.11
- ==13.42
- ==13.29
- ==13.21
- ==13.0
- ==13.32
- ==13.31
- ==13.40
- ==13.45
- ==13.16
- ==13.23
- ==13.36
- ==13.12
- ==13.43
- ==13.25
- ==13.50
- ==13.19
- ==13.10
- ==13.2
- ==13.33
- ==13.28
- ==13.37
- ==13.20
- ==13.30
- ==13.48
- ==13.44
- ==13.6
- ==13.1
- ==13.27
- ==13.26
- ==13.8
- ==13.34
- ==13.14
- ==13.47
- ==13.39
- ==13.46
- ==13.41
- ==13.49
- ==13.9
- ==13.22
- ==13.38
- ==13.18
- ==13.13
- ==13.15
- ==13.7
- ==13.24
- ==13.4
- ==13.5
- ==13.35
- ==13.3
- ==13.17
Matching in nixpkgs
Ignored packages (8)
pkgs.haskellPackages.exiftool
Haskell bindings to ExifTool
pkgs.perlPackages.ImageExifTool
Tool to read, write and edit EXIF meta information
pkgs.perl5Packages.ImageExifTool
Tool to read, write and edit EXIF meta information
pkgs.python312Packages.pyexiftool
Python wrapper for exiftool
pkgs.python313Packages.pyexiftool
Python wrapper for exiftool
pkgs.python314Packages.pyexiftool
Python wrapper for exiftool
pkgs.perl538Packages.ImageExifTool
Tool to read, write and edit EXIF meta information
pkgs.perl540Packages.ImageExifTool
Tool to read, write and edit EXIF meta information
Package maintainers
-
@anthonyroussel Anthony Roussel <anthony@roussel.dev>
-
@kiloreux Kiloreux Emperex <kiloreux@gmail.com>