Exiftool
1 CVEs
product
Monthly
Command injection in exiftool's PNG file parser on macOS allows remote attackers to execute arbitrary OS commands by manipulating the DateTimeOriginal argument in the SetMacOSTags function. Public exploit code exists for this vulnerability, and affected users should upgrade to version 13.50 or later to remediate the issue.
macOS
Command Injection
Exiftool
NVD
GitHub
VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2026-3102
EPSS 0%
CVSS 6.3
MEDIUM
POC
PATCH
This Month
Command injection in exiftool's PNG file parser on macOS allows remote attackers to execute arbitrary OS commands by manipulating the DateTimeOriginal argument in the SetMacOSTags function. Public exploit code exists for this vulnerability, and affected users should upgrade to version 13.50 or later to remediate the issue.
macOS
Command Injection
Exiftool
NVD
GitHub
VulDB