Vulnerability Description
A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 13.50 is capable of addressing this issue. Patch name: e9609a9bcc0d32bd252a709a562fb822d6dd86f7. Upgrading the affected component is recommended.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Exiftool Project | Exiftool | < 13.50 |
| Apple | Macos | - |
Related Weaknesses (CWE)
References
- https://github.com/exiftool/exiftool/Product
- https://github.com/exiftool/exiftool/commit/e9609a9bcc0d32bd252a709a562fb822d6ddPatch
- https://github.com/exiftool/exiftool/releases/tag/13.50Release Notes
- https://vuldb.com/?ctiid.347528Permissions Required
- https://vuldb.com/?id.347528Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.758146ExploitThird Party AdvisoryVDB Entry
- https://www.youtube.com/watch?v=akk0vmilfb4Exploit
FAQ
What is CVE-2026-3102?
CVE-2026-3102 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulatio...
How severe is CVE-2026-3102?
CVE-2026-3102 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-3102?
Check the references section above for vendor advisories and patch information. Affected products include: Exiftool Project Exiftool, Apple Macos.