CVE-2026-3102

Sažetak

A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 13.50 is capable of addressing this issue. Patch name: e9609a9bcc0d32bd252a709a562fb822d6dd86f7. Upgrading the affected component is recommended.

Reference

https://github.com/exiftool/exiftool/
https://github.com/exiftool/exiftool/commit/e9609a9bcc0d32bd252a709a562fb822d6dd86f7
https://github.com/exiftool/exiftool/releases/tag/13.50
https://vuldb.com/?ctiid.347528
https://vuldb.com/?id.347528
https://vuldb.com/?submit.758146
https://www.youtube.com/watch?v=akk0vmilfb4

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

26-02-2026 - 20:09

Objavljeno

24-02-2026 - 15:21