Skip to content

Instantly share code, notes, and snippets.

@lothan
lothan / CVE-2022-23935.md
Created March 18, 2022 18:17
Command Injection in Exiftool before 12.38

Overview

Exiftool versions < 12.38 are vulnerable to Command Injection through a crafted filename. If the filename passed to exiftool ends with a pipe character | and exists on the filesystem, then the file will be treated as a pipe and executed as an OS command.

Description

Exiftool is a "a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files." One of its features is being able to read metadata of compressed images. The code for this is GetImageInfo in exiftool:

sub GetImageInfo($$)