what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 5 of 5 RSS Feed

Files

ExifTool DjVu ANT Perl Injection
Posted May 12, 2021
Authored by Justin Steven, William Bowling | Site metasploit.com

This Metasploit module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF field.

tags | exploit, shell, perl
advisories | CVE-2021-22204
SHA-256 | 6faaab2f2450fabd11bd922db38c56424cff69369eb7b6d4c402f570e3a96b13

Related Files

ExifTool 12.23 Arbitrary Code Execution
Posted May 11, 2022
Authored by UNICORD

ExifTool version 12.23 suffers from an arbitrary code execution vulnerability.

tags | exploit, arbitrary, code execution
advisories | CVE-2021-22204
SHA-256 | 64cc166efac5cd6f78570d3b6a1c98c138fa2b30ed3484dfc3395c62d10feda4
Ubuntu Security Notice USN-4987-1
Posted Jun 11, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4987-1 - It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-22204
SHA-256 | 01216f4b0bff69660770e2b90fb0ec684e438b292bfb41ed62f1d47f805568e9
Debian Security Advisory 4910-1
Posted May 28, 2021
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4910-1 - A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed.

tags | advisory, arbitrary, perl
systems | linux, debian
advisories | CVE-2021-22204
SHA-256 | 3419aba9a6fab049b77f3b1d22f66ca6cb8054769858407b273adc18f878b239
ExifTool Djvu Code Execution
Posted May 19, 2021
Authored by Ashutosh Upadhyay

Whitepaper that discusses improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up that allows for arbitrary code execution when parsing a malicious image.

tags | paper, arbitrary, code execution
advisories | CVE-2021-22204
SHA-256 | 0517fcbf4b8f3c300d297bd3f60618a661d06f0ec5760f4909a67a4c5ac00216
Exiftool 8.3.2.0 DLL Hijacking
Posted Dec 21, 2018
Authored by Rafael Pedrero

Exiftool version 8.3.2.0 suffers from a dll hijacking vulnerability.

tags | exploit
systems | windows
advisories | CVE-2018-20211
SHA-256 | 9125ebd05baf3cba08b78407ca03eb09d7ec9f270114ad2d4353f2644f25aa65
Page 1 of 1
Back1Next

File Archive:

December 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    11 Files
  • 2
    Dec 2nd
    0 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    32 Files
  • 5
    Dec 5th
    10 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close