Skip to main content

Exiftool

2 CVEs product

Monthly

CVE-2026-7580 LOW PATCH Monitor

Code injection in ExifTool versions up to 13.53 allows local attackers with limited privileges to execute arbitrary code via manipulation of the -ee argument in the Process_mrld function when processing JPEG/QuickTime/MOV/MP4 files. The vulnerability has a very low CVSS score of 1.9 due to local-only attack vector and low impact, but is tagged as RCE. Vendor-released patch available in version 13.54.

RCE Code Injection Exiftool
NVD VulDB GitHub
CVSS 4.0
1.9
EPSS
0.0%
CVE-2021-22204 HIGH POC KEV PATCH THREAT Act Now

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Exiftool Debian Linux Fedora
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
100.0%
EPSS 0% CVSS 1.9
LOW PATCH Monitor

Code injection in ExifTool versions up to 13.53 allows local attackers with limited privileges to execute arbitrary code via manipulation of the -ee argument in the Process_mrld function when processing JPEG/QuickTime/MOV/MP4 files. The vulnerability has a very low CVSS score of 1.9 due to local-only attack vector and low impact, but is tagged as RCE. Vendor-released patch available in version 13.54.

RCE Code Injection Exiftool
NVD VulDB GitHub
EPSS 100% CVSS 7.8
HIGH POC KEV PATCH THREAT Act Now

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

RCE Code Injection Exiftool +2
NVD GitHub Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy