CVE-2022-23935

Public on 2022-01-25
Modified on 2022-02-17
Description
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check.
Severity
Important severity
Important
CVSS v3 Base Score
7.8
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 perl-Image-ExifTool 2022-02-17 ALAS-2022-1566 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C
Amazon Linux CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
NVD CVSSv2 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C
NVD CVSSv3 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2022-23935 Mitre: CVE-2022-23935