CVE-2026-3102

Vulnerability

CVE-2026-3102

A vulnerability was determined in exiftool up to 13.49 on macOS. This issue affects the function SetMacOSTags of the file lib/Image/ExifTool/MacOS.pm of the component PNG File Parser. This manipulation of the argument DateTimeOriginal causes os command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 13.50 is capable of addressing this issue. Patch name: e9609a9bcc0d32bd252a709a562fb822d6dd86f7. Upgrading the affected component is recommended.

References

launchpad.net/ubuntu-cve-tracker: https://github.com/exiftool/exiftool/
launchpad.net/ubuntu-cve-tracker: https://github.com/exiftool/exiftool/commit/e9609a9bcc0d32bd252a709a562fb822d6dd86f7
launchpad.net/ubuntu-cve-tracker: https://github.com/exiftool/exiftool/releases/tag/13.50
launchpad.net/ubuntu-cve-tracker: https://vuldb.com/?ctiid.347528
launchpad.net/ubuntu-cve-tracker: https://vuldb.com/?id.347528
launchpad.net/ubuntu-cve-tracker: https://vuldb.com/?submit.758146
launchpad.net/ubuntu-cve-tracker: https://www.cve.org/CVERecord?id=CVE-2026-3102
launchpad.net/ubuntu-cve-tracker: https://www.youtube.com/watch?v=akk0vmilfb4

severitym

medium

type: vendor

source: launchpad.net/ubuntu-cve-tracker

published: 2026-02-24 15:21:00

Detection

No detection criteria available for this vulnerability.

Data Sources

Ubuntu CVE Tracker
ubuntu-cve-tracker
- raw: ghcr.io/vulsio/vuls-data-db:vuls-data-raw-ubuntu-cve-tracker
- extracted: ghcr.io/vulsio/vuls-data-db:vuls-data-extracted-ubuntu-cve-tracker

FutureVuls|GitHub