Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-8zn7-he8h-gfhr

Summary A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Process_mrld of the file lib/Image/ExifTool/GM.pm of the component JPEG/QuickTime/MOV/MP4. The manipulation of the argument -ee results in code injection. Attacking locally is a requirement. Upgrading to version 13.54 is recommended to address this issue. The patch is identified as 5a8b6b6ead12b39e3f32f978a4efd0233facbb01. It is suggested to upgrade the affected component. The fix in the source code mentions: "[J]ust to be safe, probably never happen".

Aliases

alias	CVE-2026-7580

Fixed_packages

url	pkg:deb/debian/libimage-exiftool-perl@0?distro=trixie
purl	pkg:deb/debian/libimage-exiftool-perl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libimage-exiftool-perl@0%3Fdistro=trixie

url pkg:deb/debian/libimage-exiftool-perl@12.16%2Bdfsg-2?distro=trixie

purl pkg:deb/debian/libimage-exiftool-perl@12.16%2Bdfsg-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g647-gq3z-73aw

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libimage-exiftool-perl@12.16%252Bdfsg-2%3Fdistro=trixie

url	pkg:deb/debian/libimage-exiftool-perl@12.57%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/libimage-exiftool-perl@12.57%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libimage-exiftool-perl@12.57%252Bdfsg-1%3Fdistro=trixie

url	pkg:deb/debian/libimage-exiftool-perl@13.55%2Bdfsg-1
purl	pkg:deb/debian/libimage-exiftool-perl@13.55%2Bdfsg-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libimage-exiftool-perl@13.55%252Bdfsg-1

url	pkg:deb/debian/libimage-exiftool-perl@13.55%2Bdfsg-1?distro=trixie
purl	pkg:deb/debian/libimage-exiftool-perl@13.55%2Bdfsg-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libimage-exiftool-perl@13.55%252Bdfsg-1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/libimage-exiftool-perl@13.25%2Bdfsg-1

purl pkg:deb/debian/libimage-exiftool-perl@13.25%2Bdfsg-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8zn7-he8h-gfhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libimage-exiftool-perl@13.25%252Bdfsg-1

url pkg:deb/debian/libimage-exiftool-perl@13.25%2Bdfsg-1?distro=trixie

purl pkg:deb/debian/libimage-exiftool-perl@13.25%2Bdfsg-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8zn7-he8h-gfhr

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libimage-exiftool-perl@13.25%252Bdfsg-1%3Fdistro=trixie

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-7580

reference_id

reference_type

scores

value	9e-05
scoring_system	epss
scoring_elements	0.00996
published_at	2026-06-09T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00998
published_at	2026-06-07T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00997
published_at	2026-06-06T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-7580

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135381
reference_id	1135381
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135381

reference_url

https://github.com/exiftool/exiftool/releases/tag/13.54

reference_id

13.54

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:52:19Z/

url

https://github.com/exiftool/exiftool/releases/tag/13.54

reference_url

https://vuldb.com/vuln/360421

reference_id

360421

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:52:19Z/

url

https://vuldb.com/vuln/360421

reference_url

https://github.com/exiftool/exiftool/commit/5a8b6b6ead12b39e3f32f978a4efd0233facbb01

reference_id

5a8b6b6ead12b39e3f32f978a4efd0233facbb01

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:52:19Z/

url

https://github.com/exiftool/exiftool/commit/5a8b6b6ead12b39e3f32f978a4efd0233facbb01

reference_url

https://github.com/exiftool/exiftool/commit/5a8b6b6ead12b39e3f32f978a4efd0233facbb01#diff-5a95c56c6f98f0aa538233fd81bb9967154f3e9ebd4126a98dfb126c4c5629a4

reference_id

5a8b6b6ead12b39e3f32f978a4efd0233facbb01#diff-5a95c56c6f98f0aa538233fd81bb9967154f3e9ebd4126a98dfb126c4c5629a4

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:52:19Z/

url

https://github.com/exiftool/exiftool/commit/5a8b6b6ead12b39e3f32f978a4efd0233facbb01#diff-5a95c56c6f98f0aa538233fd81bb9967154f3e9ebd4126a98dfb126c4c5629a4

reference_url

https://vuldb.com/submit/800049

reference_id

800049

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:52:19Z/

url

https://vuldb.com/submit/800049

reference_url

https://vuldb.com/vuln/360421/cti

reference_id

cti

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:52:19Z/

url

https://vuldb.com/vuln/360421/cti

reference_url

https://github.com/exiftool/exiftool/

reference_id

exiftool

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:52:19Z/

url

https://github.com/exiftool/exiftool/

reference_url

https://youtu.be/WktMPapQxlM

reference_id

WktMPapQxlM

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-01T14:52:19Z/

url

https://youtu.be/WktMPapQxlM

Weaknesses

cwe_id	74
name	Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
description	The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

cwe_id	94
name	Improper Control of Generation of Code ('Code Injection')
description	The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Exploits

Severity_range_score 4.3 - 5.3

Exploitability 0.5

Weighted_severity 4.8

Risk_score 2.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zn7-he8h-gfhr

Vulnerability Instance