← Zuruck zu CVEs
CVE-2021-22204
MEDIUMCISA KEV6.8
Beschreibung
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
CVE Details
CVSS v3.1 Bewertung6.8
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
AngriffsvektorLOCAL
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht4/23/2021
Zuletzt geandert11/3/2025
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerPerl
ProduktExiftool
SchwachstellennameExifTool Remote Code Execution Vulnerability
KEV Aufnahmedatum2021-11-17
Behebungsfrist2021-12-01
Ransomware-NutzungUnknown
Betroffene Produkte
debian:debian_linuxexiftool_project:exiftoolfedoraproject:fedora
Schwachen (CWE)
CWE-94CWE-94
Referenzen
http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html(cve@gitlab.com)
http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html(cve@gitlab.com)
http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html(cve@gitlab.com)
http://www.openwall.com/lists/oss-security/2021/05/09/1(cve@gitlab.com)
http://www.openwall.com/lists/oss-security/2021/05/10/5(cve@gitlab.com)
https://hackerone.com/reports/1154542(cve@gitlab.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/(cve@gitlab.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/(cve@gitlab.com)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/(cve@gitlab.com)
https://www.debian.org/security/2021/dsa-4910(cve@gitlab.com)
http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/05/09/1(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2021/05/10/5(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800(af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1154542(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/(af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/(af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2021/dsa-4910(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22204(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.