CVE-2021-22204

Summary

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

Affected Software

VendorProductVersion RangeStatus
ExifToolExifTool>=7.44, <12.24affected

Weaknesses

  • Improper neutralization of directives in dynamically evaluated code ('eval injection') in ExifTool

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: partial

Additional References

References