ExifTool: Multiple vulnerabilities — GLSA 202407-27

Multiple vulnerabilities have been discovered in ExifTool, the worst of which could lead to arbitrary code execution.

Affected packages

Package	media-libs/exiftool on all architectures
Affected versions	< 12.42
Unaffected versions	>= 12.42

Background

ExifTool is a platform-independent Perl library plus a command-line application for reading, writing and editing meta information in a wide variety of files.

Description

Multiple vulnerabilities have been discovered in ExifTool. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All ExifTool users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/exiftool-12.42"

References

CVE-2021-22204
CVE-2022-23935

Release date
July 24, 2024

Latest revision
July 24, 2024: 1

Severity
normal

Exploitable
local

Bugzilla entries

785667
791397
803317
832033