exiftool needs to updated to latest version (security vulnerability)

*** Please report new bugs here! ***

Moderators: XnTriq, helmut, xnview, Dreamer

Post Reply
lasdgu
Posts: 2
Joined: Mon May 03, 2021 12:59 am

exiftool needs to updated to latest version (security vulnerability)

Post by lasdgu »

Not sure if this is the place for this type of report but exiftool, which is used by XNViewMP (at least on MacOS) has a serious security vulnerability. It allows for arbitrary code execution if it tries processing certain malicuously crafted images (regardless of extension):


https://twitter.com/wcbowling/status/13 ... 7321415687
https://cve.mitre.org/cgi-bin/cvename.c ... 2021-22204


Patched version of exiftool is 12.24:

https://github.com/exiftool/exiftool/co ... 6bdadb3800

Hoping you can update to versionused in XNViewMP and get a new release out with the patched version of exiftool.


Thanks!
User avatar
xnview
Author of XnView
Posts: 43326
Joined: Mon Oct 13, 2003 7:31 am
Location: France
Contact:

Re: exiftool needs to updated to latest version (security vulnerability)

Post by xnview »

a new version of XnView MP will be soon available
Pierre.
lasdgu
Posts: 2
Joined: Mon May 03, 2021 12:59 am

Re: exiftool needs to updated to latest version (security vulnerability)

Post by lasdgu »

thanks as always, pierre!
Post Reply