Ubuntu
libimage-exiftool-perl package

  1. Bug #1925985
  2. Comment #2

Comment 2 for bug 1925985

Revision history for this message
Hugo Buddelmeijer (hugo-n) wrote :

The status of this bug says "Fix Released". How can one install this released fix on Ubuntu 20.04.2 LTS (Focal Fossa)?

The publicly available proof of concept arbitrary code execution on hackerone [1] works as-is on the latest exiftool (11.88-1) in the focal repositories. This makes it a security risk to run exiftool.

[1] https://hackerone.com/reports/1154542