CVE-2021-22204

Related Files

Gentoo Linux Security Advisory 202407-27

Posted Jul 24, 2024

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202407-27 - Multiple vulnerabilities have been discovered in ExifTool, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 12.42 are affected.

tags | advisory, arbitrary, vulnerability, code execution

systems | linux, gentoo

advisories | CVE-2021-22204, CVE-2022-23935

SHA-256 | 70b2c3a2a8c960c71bcd4a2608a6410fd215532ae908cfca040c366b7b0a7175

Download | Favorite | View

ExifTool 12.23 Arbitrary Code Execution

Posted May 11, 2022

Authored by UNICORD

ExifTool version 12.23 suffers from an arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution

advisories | CVE-2021-22204

SHA-256 | 64cc166efac5cd6f78570d3b6a1c98c138fa2b30ed3484dfc3395c62d10feda4

Download | Favorite | View

GitLab 13.10.2 Remote Code Execution

Posted Nov 17, 2021

Authored by Jacob Baines

GitLab version 13.10.2 remote code execution exploit that provides a reverse shell.

tags | exploit, remote, shell, code execution

advisories | CVE-2021-22204, CVE-2021-22205

SHA-256 | a3816f4a73b68abc9aa497e0982428e2bde3d7b0a005094907ca8484d9f39f60

Download | Favorite | View

GitLab Unauthenticated Remote ExifTool Command Injection

Posted Nov 4, 2021

Authored by William Bowling, jbaines-r7 | Site metasploit.com

This Metasploit module exploits an unauthenticated file upload and command injection vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The patched versions are 13.10.3, 13.9.6, and 13.8.8. Exploitation will result in command execution as the git user.

tags | exploit, file upload

advisories | CVE-2021-22204, CVE-2021-22205

SHA-256 | 674d3772ec48b70f0ba624c93a36ffde9a6d313b18359aa19702fc270257ff56

Download | Favorite | View

Ubuntu Security Notice USN-4987-1

Posted Jun 11, 2021

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4987-1 - It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code.

tags | advisory, arbitrary

systems | linux, ubuntu

advisories | CVE-2021-22204

SHA-256 | 01216f4b0bff69660770e2b90fb0ec684e438b292bfb41ed62f1d47f805568e9

Download | Favorite | View

Debian Security Advisory 4910-1

Posted May 28, 2021

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4910-1 - A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed.

tags | advisory, arbitrary, perl

systems | linux, debian

advisories | CVE-2021-22204

SHA-256 | 3419aba9a6fab049b77f3b1d22f66ca6cb8054769858407b273adc18f878b239

Download | Favorite | View

ExifTool Djvu Code Execution

Posted May 19, 2021

Authored by Ashutosh Upadhyay

Whitepaper that discusses improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up that allows for arbitrary code execution when parsing a malicious image.

tags | paper, arbitrary, code execution

advisories | CVE-2021-22204

SHA-256 | 0517fcbf4b8f3c300d297bd3f60618a661d06f0ec5760f4909a67a4c5ac00216

Download | Favorite | View

ExifTool DjVu ANT Perl Injection

Posted May 12, 2021

Authored by Justin Steven, William Bowling | Site metasploit.com

This Metasploit module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF field.

tags | exploit, shell, perl

advisories | CVE-2021-22204

SHA-256 | 6faaab2f2450fabd11bd922db38c56424cff69369eb7b6d4c402f570e3a96b13

Download | Favorite | View