thumbler

Releases6

Frequency6 months 2 weeks

Last Release almost 7 years ago

This package will extract thumbnail from video

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-26833 ↗	Mar 25, 2026Wednesday, 25 March 2026, 16:16	9.8 CRITICAL	—
thumbler through 1.1.2 allows OS command injection via the input, output, time, or size parameter in the thumbnail() function because user input is concatenated into a shell command string passed to child_process.exec() without proper sanitization or escaping.