CVE-2021-22204
Date: (C) 2021-04-26, (M) 2023-12-22


Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing a malicious image.

CVSS Score and Metrics

CVSS V3 Severity:
  CVSS Score: 7.8
  Exploit Score: 1.8
  Impact Score: 5.9

CVSS V3 Metrics:
  Attack Vector: LOCAL
  Attack Complexity: LOW
  Privileges Required: LOW
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality: HIGH
  Integrity: HIGH
  Availability: HIGH

CVSS V2 Severity:
  CVSS Score: 6.8
  Exploit Score: 8.6
  Impact Score: 6.4

CVSS V2 Metrics:
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL

References:
DSA-4910
FEDORA-2021-88d24aa32b
FEDORA-2021-de850ed71e
FEDORA-2021-e3d8833d36
https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html
http://www.openwall.com/lists/oss-security/2021/05/09/1
http://www.openwall.com/lists/oss-security/2021/05/10/5
http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html
http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html
http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html
http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html
https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json
https://hackerone.com/reports/1154542

CPE (1):
  cpe:/o:debian:debian_linux:9.0

CWE (1):
  CWE-94

OVAL (7):
  oval:org.secpod.oval:def:71647
  oval:org.secpod.oval:def:120112
  oval:org.secpod.oval:def:120104
  oval:org.secpod.oval:def:120106
  ...

© SecPod Technologies