Search criteria
3 vulnerabilities by exiftool_project
CVE-2022-23935 (GCVE-0-2022-23935)
Vulnerability from cvelistv5 – Published: 2022-01-25 05:10 – Updated: 2024-08-03 03:59
VLAI?
Summary
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T03:59:23.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/ert-plus/1414276e4cb5d56dd431c2f0429e4429"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\\|$/ check, leading to command injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-18T18:40:51",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/ert-plus/1414276e4cb5d56dd431c2f0429e4429"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-23935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\\|$/ check, leading to command injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582",
"refsource": "MISC",
"url": "https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582"
},
{
"name": "https://gist.github.com/ert-plus/1414276e4cb5d56dd431c2f0429e4429",
"refsource": "MISC",
"url": "https://gist.github.com/ert-plus/1414276e4cb5d56dd431c2f0429e4429"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-23935",
"datePublished": "2022-01-25T05:10:12",
"dateReserved": "2022-01-25T00:00:00",
"dateUpdated": "2024-08-03T03:59:23.145Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22204 (GCVE-0-2021-22204)
Vulnerability from cvelistv5 – Published: 2021-04-23 17:22 – Updated: 2025-10-21 23:25
VLAI?
Summary
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
Severity ?
6.8 (Medium)
CWE
- Improper neutralization of directives in dynamically evaluated code ('eval injection') in ExifTool
Assigner
References
Credits
Thanks vakzz for reporting this vulnerability through the GitLab HackerOne bug bounty program who then reported it to the ExifTool maintainer
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.092Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/1154542"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json"
},
{
"name": "DSA-4910",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4910"
},
{
"name": "FEDORA-2021-de850ed71e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/"
},
{
"name": "FEDORA-2021-e3d8833d36",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/"
},
{
"name": "FEDORA-2021-88d24aa32b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/"
},
{
"name": "[oss-security] 20210509 [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/09/1"
},
{
"name": "[oss-security] 20210510 Re: [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/10/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html"
},
{
"name": "[debian-lts-announce] 20210516 [SECURITY] [DLA 2663-1] libimage-exiftool-perl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-22204",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T19:49:52.310831Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-17",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22204"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:25:48.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22204"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-17T00:00:00+00:00",
"value": "CVE-2021-22204 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "ExifTool",
"vendor": "ExifTool",
"versions": [
{
"status": "affected",
"version": "\u003e=7.44, \u003c12.24"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Thanks vakzz for reporting this vulnerability through the GitLab HackerOne bug bounty program who then reported it to the ExifTool maintainer"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper neutralization of directives in dynamically evaluated code (\u0027eval injection\u0027) in ExifTool",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-11T17:06:12.000Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/1154542"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json"
},
{
"name": "DSA-4910",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4910"
},
{
"name": "FEDORA-2021-de850ed71e",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/"
},
{
"name": "FEDORA-2021-e3d8833d36",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/"
},
{
"name": "FEDORA-2021-88d24aa32b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/"
},
{
"name": "[oss-security] 20210509 [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/09/1"
},
{
"name": "[oss-security] 20210510 Re: [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2021/05/10/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html"
},
{
"name": "[debian-lts-announce] 20210516 [SECURITY] [DLA 2663-1] libimage-exiftool-perl security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@gitlab.com",
"ID": "CVE-2021-22204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ExifTool",
"version": {
"version_data": [
{
"version_value": "\u003e=7.44, \u003c12.24"
}
]
}
}
]
},
"vendor_name": "ExifTool"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Thanks vakzz for reporting this vulnerability through the GitLab HackerOne bug bounty program who then reported it to the ExifTool maintainer"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper neutralization of directives in dynamically evaluated code (\u0027eval injection\u0027) in ExifTool"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800",
"refsource": "MISC",
"url": "https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800"
},
{
"name": "https://hackerone.com/reports/1154542",
"refsource": "MISC",
"url": "https://hackerone.com/reports/1154542"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json"
},
{
"name": "DSA-4910",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4910"
},
{
"name": "FEDORA-2021-de850ed71e",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/"
},
{
"name": "FEDORA-2021-e3d8833d36",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/"
},
{
"name": "FEDORA-2021-88d24aa32b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/"
},
{
"name": "[oss-security] 20210509 [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/05/09/1"
},
{
"name": "[oss-security] 20210510 Re: [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2021/05/10/5"
},
{
"name": "http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html"
},
{
"name": "[debian-lts-announce] 20210516 [SECURITY] [DLA 2663-1] libimage-exiftool-perl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html"
},
{
"name": "http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html"
},
{
"name": "http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html"
},
{
"name": "http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2021-22204",
"datePublished": "2021-04-23T17:22:15.000Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:25:48.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20211 (GCVE-0-2018-20211)
Vulnerability from cvelistv5 – Published: 2019-01-02 18:00 – Updated: 2024-08-05 11:58
VLAI?
Summary
ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\par-%username%\cache-exiftool-8.32 folder with a victim's username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:18.621Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20181221 CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Dec/44"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\\par-%username%\\cache-exiftool-8.32 folder with a victim\u0027s username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-02T17:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20181221 CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Dec/44"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ExifTool 8.32 allows local users to gain privileges by creating a %TEMP%\\par-%username%\\cache-exiftool-8.32 folder with a victim\u0027s username, and then copying a Trojan horse ws32_32.dll file into this new folder, aka DLL Hijacking. NOTE: 8.32 is an obsolete version from 2010 (9.x was released starting in 2012, and 10.x was released starting in 2015)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181221 CVE-2018-20211 - DLL Hijacking in Exiftool v8.3.2.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Dec/44"
},
{
"name": "http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150892/Exiftool-8.3.2.0-DLL-Hijacking.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20211",
"datePublished": "2019-01-02T18:00:00",
"dateReserved": "2018-12-18T00:00:00",
"dateUpdated": "2024-08-05T11:58:18.621Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}