CVE-2026-3102

Medienbericht

Exploit

EPSS 0.2%
Veröffentlicht 24.02.2026 14:32:13
Zuletzt bearbeitet 26.02.2026 20:09:11
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 13.50 is capable of addressing this issue. Patch name: e9609a9bcc0d32bd252a709a562fb822d6dd86f7. Upgrading the affected component is recommended.

Betroffene Produkte Warnungen 0 Metriken 5 CWE 2 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Exiftool Project ≫ Exiftool Version < 13.50

Apple ≫ macOS Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.419

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
cna@vuldb.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
cna@vuldb.com	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')

The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

https://thehackernews.com/2026/03/weekly-recap-chrome-0-days-router.html

Medienbericht

TheHackersNews

17.03.2026 22:19

https://vuldb.com/?id.347528

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.347528

Permissions Required

https://vuldb.com/?submit.758146

Third Party Advisory

Exploit