Main Vulnerability Database Vulnerabilities #VU60721

Path traversal in ExifTool - CVE-2022-23935

Published: February 20, 2022 / Updated: February 12, 2023

Vulnerability identifier: #VU60721

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2022-23935

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: ExifTool

Affected software:
ExifTool

Detailed vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the file names within lib/Image/ExifTool.pm. A remote attacker can pass a specially crafted file name to the application and read arbitrary files on the system.

How to mitigate CVE-2022-23935

Install update from vendor's website.

Sources

https://github.com/exiftool/exiftool/commit/74dbab1d2766d6422bb05b033ac6634bf8d1f582

Path traversal in ExifTool - CVE-2022-23935

Detailed vulnerability description

How to mitigate CVE-2022-23935

Sources

Please verify you're human