Exiftool
Monthly
Code injection in ExifTool versions up to 13.53 allows local attackers with limited privileges to execute arbitrary code via manipulation of the -ee argument in the Process_mrld function when processing JPEG/QuickTime/MOV/MP4 files. The vulnerability has a very low CVSS score of 1.9 due to local-only attack vector and low impact, but is tagged as RCE. Vendor-released patch available in version 13.54.
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Code injection in ExifTool versions up to 13.53 allows local attackers with limited privileges to execute arbitrary code via manipulation of the -ee argument in the Process_mrld function when processing JPEG/QuickTime/MOV/MP4 files. The vulnerability has a very low CVSS score of 1.9 due to local-only attack vector and low impact, but is tagged as RCE. Vendor-released patch available in version 13.54.
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.