Not sure if this is the place for this type of report but exiftool, which is used by XNViewMP (at least on MacOS) has a serious security vulnerability. It allows for arbitrary code execution if it tries processing certain malicuously crafted images (regardless of extension):
https://twitter.com/wcbowling/status/13 ... 7321415687
https://cve.mitre.org/cgi-bin/cvename.c ... 2021-22204
Patched version of exiftool is 12.24:
https://github.com/exiftool/exiftool/co ... 6bdadb3800
Hoping you can update to versionused in XNViewMP and get a new release out with the patched version of exiftool.
Thanks!
exiftool needs to updated to latest version (security vulnerability)
Moderators: xnview, Dreamer
-
lasdgu
- Posts: 2
- Joined: Mon May 03, 2021 12:59 am
-
xnview
- Author of XnView
- Posts: 47521
- Joined: Mon Oct 13, 2003 7:31 am
- Location: France
Re: exiftool needs to updated to latest version (security vulnerability)
a new version of XnView MP will be soon available
Pierre.
-
lasdgu
- Posts: 2
- Joined: Mon May 03, 2021 12:59 am
Re: exiftool needs to updated to latest version (security vulnerability)
thanks as always, pierre!