Description

A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Process_mrld of the file lib/Image/ExifTool/GM.pm of the component JPEG/QuickTime/MOV/MP4. The manipulation of the argument -ee results in code injection. Attacking locally is a requirement. Upgrading to version 13.54 is recommended to address this issue. The patch is identified as 5a8b6b6ead12b39e3f32f978a4efd0233facbb01. It is suggested to upgrade the affected component. The fix in the source code mentions: "[J]ust to be safe, probably never happen".

INFO

Published Date :

2026-05-01T12:00:16.465Z

Last Modified :

2026-05-01T19:29:43.526Z

Source :

VulDB
AFFECTED PRODUCTS

The following products are affected by CVE-2026-7580 vulnerability.

Vendors Products
Exiftool Project
  • Exiftool
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-7580.

URL Resource
https://github.com/exiftool/exiftool/ cve-icon cve-icon
https://github.com/exiftool/exiftool/commit/5a8b6b6ead12b39e3f32f978a4efd0233facbb01 cve-icon cve-icon
https://github.com/exiftool/exiftool/commit/5a8b6b6ead12b39e3f32f978a4efd0233facbb01#diff-5a95c56c6f98f0aa538233fd81bb9967154f3e9ebd4126a98dfb126c4c5629a4 cve-icon cve-icon
https://github.com/exiftool/exiftool/releases/tag/13.54 cve-icon cve-icon
https://vuldb.com/submit/800049 cve-icon cve-icon
https://vuldb.com/vuln/360421 cve-icon cve-icon
https://vuldb.com/vuln/360421/cti cve-icon cve-icon
https://youtu.be/WktMPapQxlM cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Access Vector
Access Complexity
Authentication
Confidentiality Impact
Integrity Impact
Availability Impact