RubySec

Providing security resources for the Ruby community

GHSA-q95h-cqrv-8jv5 (exiftool_vendored): ExifTool vulnerable to arbitrary code execution

ADVISORIES

GEM

exiftool_vendored

SEVERITY

CVSS v3.x: 7.8 (High)

PATCHED VERSIONS

  • >= 12.25.0

DESCRIPTION

Impact

Arbitrary code execution can occur when ExifTool is run against a file whose metadata carries a hostile payload.

Patches

The fix landed upstream in ExifTool 12.24. The exiftool_vendored gem (exiftool_vendored.rb), which bundles ExifTool, ships that fixed ExifTool starting with v12.25.0.
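As an added example (not part of the advisory, the gem, or ExifTool itself), the following Ruby script checks whether a project's Gemfile.lock pins an exiftool_vendored version that is still in the vulnerable range. It uses the patched range stated above (>= 12.25.0) and a constructed Gemfile.lock excerpt; the lockfile contents and the helper names are assumptions for illustration.

```ruby
require 'rubygems' # Gem::Version and Gem::Requirement

# Patched range taken from the advisory above.
PATCHED = Gem::Requirement.new('>= 12.25.0')

# Constructed Gemfile.lock excerpt (not taken from any real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      exiftool (1.2.4)
      exiftool_vendored (12.20.0)
        exiftool (>= 0.7.0)
LOCK

# Return the pinned Gem::Version of gem_name from Gemfile.lock text, or nil.
# In Gemfile.lock, resolved specs sit at four spaces of indent with an exact
# version ("    exiftool_vendored (12.20.0)"); their dependencies sit at six
# spaces and carry an operator ("      exiftool (>= 0.7.0)"), so the anchored
# regex below only matches the pinned spec line.
def locked_version(lockfile_text, gem_name)
  m = lockfile_text.match(/^ {4}#{Regexp.escape(gem_name)} \((\d+(?:\.\d+)*)\)$/)
  m && Gem::Version.new(m[1])
end

# True when the version falls outside the patched range from the advisory.
def vulnerable?(version)
  !PATCHED.satisfied_by?(version)
end

# :not_present, :vulnerable or :patched for the given Gemfile.lock text.
def check_lockfile(lockfile_text)
  version = locked_version(lockfile_text, 'exiftool_vendored')
  return :not_present if version.nil?

  vulnerable?(version) ? :vulnerable : :patched
end

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCKFILE
  puts "exiftool_vendored: #{check_lockfile(text)}"
end
```

Run it with a path to a real Gemfile.lock as the first argument, or with no argument to see the constructed sample reported as vulnerable. In day-to-day use, `bundle audit` from the bundler-audit gem performs this lookup for every gem against the RubySec advisory database that this page is drawn from; the script above only shows the version comparison that such a check reduces to.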

Workarounds

None. Upgrade to exiftool_vendored 12.25.0 or later.
