Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2021-22204

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

Related bugs and status

CVE-2021-22204 (Candidate) is related to these bugs:

Bug #1925985: CVE-2021-22204

		In	Importance	Status
1925985	CVE-2021-22204	libimage-exiftool-perl (Ubuntu)	High	Fix Released
1925985	CVE-2021-22204	libimage-exiftool-perl (Debian)	Unknown	Fix Released
1925985	CVE-2021-22204	libimage-exiftool-perl (Ubuntu Bionic)	High	Fix Released
1925985	CVE-2021-22204	libimage-exiftool-perl (Ubuntu Groovy)	High	Fix Released
1925985	CVE-2021-22204	libimage-exiftool-perl (Ubuntu Hirsute)	High	Fix Released
1925985	CVE-2021-22204	libimage-exiftool-perl (Ubuntu Focal)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://gitlab.com/git...
MISC: https://github.com/exi...
MISC: https://hackerone.com/...
DEBIAN: DSA-4910
FEDORA: FEDORA-2021-88d24aa32b
FEDORA: FEDORA-2021-de850ed71e
FEDORA: FEDORA-2021-e3d8833d36
MLIST: [oss-security] 2021050...
MLIST: [oss-security] 2021051...
MISC: http://packetstormsecu...
MLIST: [debian-lts-announce] ...
MISC: http://packetstormsecu...
MISC: http://packetstormsecu...
MISC: http://packetstormsecu...