CVE-2021-22204

May 3, 2021

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

Summary:

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

Reference Links(if available):

  • https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800
  • https://hackerone.com/reports/1154542
  • https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json
  • https://www.debian.org/security/2021/dsa-4910

  • CVSS Score (if available)

    v2: / MEDIUM

    v3: /

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    359d364d607d2a420604f5ed0d65e1eceac077deb54d8fe37e6f5c66e52542af

    Espionage – A Linux Packet Sniffing Suite For Automated MiTM Attacks

    April 25, 2024
    CISA Logo

    CISA: CISA Releases Eight Industrial Control Systems Advisories

    April 25, 2024
    alerts

    Active Exploitation of Vulnerabilities in Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) Products.

    April 25, 2024
    image

    CACTUS Ransomware Victim: https://www[.]ghimli[.]com /

    April 25, 2024
    hkcert

    Cisco Products Multiple Vulnerabilities

    April 25, 2024