CVE-2026-7580
Code Injection in ExifTool via -ee Argument
Publication date: 2026-05-01
Last updated on: 2026-05-01
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| exiftool | exiftool | to 13.53 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how the vulnerability in ExifTool affects compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability exists in ExifTool versions up to 13.53, specifically in the Process_mrld function of the file lib/Image/ExifTool/GM.pm, which handles JPEG, QuickTime, MOV, and MP4 files.
The issue arises from the manipulation of the argument -ee, which can lead to code injection. This means an attacker who has local access can exploit this vulnerability to execute arbitrary code.
The vulnerability is addressed by upgrading to ExifTool version 13.54, which includes a patch fixing this security issue.
How can this vulnerability impact me?
If exploited, this vulnerability allows an attacker with local access to inject and execute arbitrary code on the affected system through the manipulation of the -ee argument in ExifTool.
This could lead to unauthorized actions being performed on your system, potentially compromising system integrity, confidentiality, or availability depending on the attacker's intent.
However, the attack requires local access, which limits the risk to users who have direct or indirect local interaction with the vulnerable software.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects ExifTool versions up to 13.53, specifically the Process_mrld function in lib/Image/ExifTool/GM.pm when using the -ee argument. Detection involves identifying if ExifTool version 13.53 or earlier is installed and if the -ee argument is used in local executions.
To detect the vulnerable version of ExifTool on your system, you can run the following command to check the installed version:
- `exiftool -ver`
If the version is 13.53 or earlier, the system is potentially vulnerable. Additionally, monitoring local usage of ExifTool with the -ee argument could help detect exploitation attempts.
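The version check above is easy to get wrong with plain string comparison (for example, "13.5" and "13.53" sort differently from how they compare numerically). The following POSIX shell script is an added example, not part of this CVE record or of the ExifTool project: it parses a version string into major and minor parts, decides whether it falls in the affected range (13.53 or earlier), and wraps that around `exiftool -ver` for the locally installed binary. It assumes ExifTool version strings use the two-digit minor form seen in recent releases (e.g. 12.40, 13.53); anything that does not look like `N.NN` is reported as unknown rather than guessed at.

```shell
#!/bin/sh
# Added example (not from the CVE record or ExifTool): classify an ExifTool
# version string relative to the last affected release (13.53).

# exiftool_version_affected VERSION
#   returns 0 if VERSION <= 13.53 (affected range)
#   returns 1 if VERSION >= 13.54 (fixed)
#   returns 2 if VERSION does not look like a major.minor number
exiftool_version_affected() {
    ver="$1"
    # Require a dotted form; ExifTool prints e.g. "13.53" (assumed format).
    case "$ver" in
        *.*) ;;
        *) return 2 ;;
    esac
    major="${ver%%.*}"
    minor="${ver#*.}"
    minor="${minor%%.*}"
    # Both parts must be purely numeric, otherwise treat as unknown.
    case "$major$minor" in
        ''|*[!0-9]*) return 2 ;;
    esac
    if [ "$major" -lt 13 ]; then
        return 0
    fi
    if [ "$major" -eq 13 ] && [ "$minor" -le 53 ]; then
        return 0
    fi
    return 1
}

# check_installed_exiftool: run the check against the exiftool found in PATH.
# Exit status mirrors exiftool_version_affected (2 also if exiftool is absent).
check_installed_exiftool() {
    if ! command -v exiftool >/dev/null 2>&1; then
        echo "exiftool not found in PATH; nothing to check"
        return 2
    fi
    ver="$(exiftool -ver 2>/dev/null)"
    exiftool_version_affected "$ver"
    rc=$?
    case "$rc" in
        0) echo "exiftool $ver is in the affected range (<= 13.53); upgrade to 13.54 or later" ;;
        1) echo "exiftool $ver is at or beyond the fixed release (13.54)" ;;
        *) echo "could not parse exiftool version '$ver'; verify manually" ;;
    esac
    return "$rc"
}

# Usage: run the script directly to check the local installation.
# check_installed_exiftool
```

The function is split from the wrapper so the comparison logic can be exercised on constructed version strings without ExifTool installed, which is also how an inventory script across many hosts would consume `exiftool -ver` output collected elsewhere.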
What immediate steps should I take to mitigate this vulnerability?
The recommended immediate mitigation step is to upgrade ExifTool to version 13.54 or later, which contains the patch addressing this vulnerability.
Since the vulnerability requires local attack vectors, restricting local access to trusted users and monitoring usage of the -ee argument can also help reduce risk until the upgrade is applied.