Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:30
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 |
27 Jul 2022, 16:29
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry |
11 May 2022, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Nov 2021, 21:06
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html - Third Party Advisory, VDB Entry | |
References | (MISC) http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/ - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/05/09/1 - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2021/05/10/5 - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html - Exploit, Third Party Advisory, VDB Entry | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* |
17 Nov 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Nov 2021, 01:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
04 Nov 2021, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 May 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 May 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 May 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 May 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 May 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 May 2021, 14:29
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 6.8
v3 : 7.8 |
CPE | cpe:2.3:a:exiftool_project:exiftool:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* |
|
CWE | CWE-74 | |
References | (MISC) https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800 - Patch, Third Party Advisory | |
References | (MISC) https://hackerone.com/reports/1154542 - Permissions Required, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2021/dsa-4910 - Third Party Advisory | |
References | (CONFIRM) https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json - Third Party Advisory |
03 May 2021, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Apr 2021, 18:46
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-04-23 18:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-22204
Mitre link : CVE-2021-22204
CVE.ORG link : CVE-2021-22204
JSON object : View
Products Affected
debian
- debian_linux
exiftool_project
- exiftool
fedoraproject
- fedora
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')