ExifTool version 12.23 suffers from an arbitrary code execution vulnerability.
64cc166efac5cd6f78570d3b6a1c98c138fa2b30ed3484dfc3395c62d10feda4GitLab version 13.10.2 remote code execution exploit that provides a reverse shell.
a3816f4a73b68abc9aa497e0982428e2bde3d7b0a005094907ca8484d9f39f60This Metasploit module exploits an unauthenticated file upload and command injection vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The patched versions are 13.10.3, 13.9.6, and 13.8.8. Exploitation will result in command execution as the git user.
674d3772ec48b70f0ba624c93a36ffde9a6d313b18359aa19702fc270257ff56Ubuntu Security Notice 4987-1 - It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code.
01216f4b0bff69660770e2b90fb0ec684e438b292bfb41ed62f1d47f805568e9Debian Linux Security Advisory 4910-1 - A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed.
3419aba9a6fab049b77f3b1d22f66ca6cb8054769858407b273adc18f878b239Whitepaper that discusses improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up that allows for arbitrary code execution when parsing a malicious image.
0517fcbf4b8f3c300d297bd3f60618a661d06f0ec5760f4909a67a4c5ac00216This Metasploit module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF field.
6faaab2f2450fabd11bd922db38c56424cff69369eb7b6d4c402f570e3a96b13
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed