oss-sec mailing list archives
[CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image
From: William Bowling <will () wbowling info>
Date: Sun, 9 May 2021 14:32:25 +1000
ExifTool 7.44 to 12.23 has a bug in the DjVu module which allows for arbitrary code execution when parsing malicious images. The bug can be triggered from a wide variety of valid file formats. The bug has been fixed in version 12.24.

References:

Fixed release - https://exiftool.org/history.html#v12.24
Upstream patch - https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800
CVE - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22204

--
GPG Key ID: 0x980F711A
GPG Key Fingerprint: AA38 2A0E 7D22 18A9 6086 0289 41DC E04B 980F 711A