CPANSA-Image-ExifTool-2021-22204: Image-ExifTool vulnerability

Publisher: giterlizzi
Document category: csaf_security_advisory
Initial release date: 2021-04-23T00:00:00
Engine: CSAF Perl Toolkit 0.25
Current release date: 2021-04-23T00:00:00
Build Date:
Current version: 1
Status: final
CVSS v3.1 Base Score: 6.8
Severity:
Original language:
Language: en
Also referred to:

Vulnerability Description

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing a malicious image.

Vulnerabilities

CVE-2021-22204

Vulnerability Description

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing a malicious image.

Weakness: CWE-94: Improper Control of Generation of Code ('Code Injection')

Product status

Known affected

Product: Image-ExifTool greater than or equal to 7.44 and less than or equal to 12.23

Score:

CVSS Version  CVSS Vector                                   CVSS Base Score  CVSS Base Severity
3.1           CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L  6.8              Medium
2.0           AV:N/AC:M/Au:N/C:P/I:P/A:P                    6.8              Medium

Fixed

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

Revision history

Version  Date of the revision      Summary of the revision
1        Fri Apr 23 00:00:00 2021  First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/