CVE-2021-22204
published 2021-04-23CVE-2021-22204: Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
PriorityP188high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
KEVITWEXPLOITInitial access
CISA Known Exploited Vulnerabilitydue 2021-12-01
Exploited in the wild
EPSS
99.98%
100.0th percentile
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libimage-exiftool-perl | < libimage-exiftool-perl 12.16+dfsg-2 (bookworm) | libimage-exiftool-perl 12.16+dfsg-2 (bookworm) |
| exiftool | exiftool | — | — |
| exiftool_project | exiftool | >= 7.44 < 12.24 | 12.24 |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →CVE-2021-22204 exploits ExifTool's DjVu file format parser (annotations field); malicious files are often disguised as JPEG images but contain embedded DjVu payloads — inspect uploaded image files for DjVu magic bytes or annotations content. ↗
- →CVE-2021-22204 was exploited in the wild by Cerber ransomware actors against GitLab servers to upload and execute code remotely in the context of the 'git' account — alert on ExifTool process spawning shells or unexpected child processes under the 'git' user. ↗
- →CVE-2021-22204 exploitation results in code execution as the web server user (e.g., www-data); monitor for reverse shell connections originating from ExifTool or image-processing parent processes. ↗
- →The root cause of CVE-2021-22204 is weak regex-based sanitization before feeding user input into an eval sink in ExifTool — flag ExifTool versions 7.44 through the unpatched range processing DjVu files. ↗
- →Affected ExifTool versions are 7.44 and up (prior to the patch); ensure all asset management platforms, photo organization apps, and bulk image processing scripts are running a patched version. ↗
- ·The public PoC exploit (convisolabs/CVE-2021-22204-exiftool) requires editing the attacker IP address in exploit.py before generating the malicious image — detections based solely on static file hashes of the PoC output will not generalise across attacker-customised payloads. ↗
- ·The vulnerability is triggered during file parsing, not upload — web applications that process images server-side with ExifTool (including embedded library usage) are vulnerable even if the upload endpoint performs extension or MIME-type validation. ↗
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
ghsa7.8HIGH
osv7.8HIGH
vulncheck6.8MEDIUM
cisa7.8HIGH
vendor_debian6.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
ExifTool vulnerable to arbitrary code execution
ghsa·2023-01-20·CVSS 7.8
[HIGH] CWE-74 ExifTool vulnerable to arbitrary code execution
ExifTool vulnerable to arbitrary code execution
### Impact
Arbitrary code execution can occur when running `exiftool` against files with hostile metadata payloads
### Patches
ExifTool has already been patched in version 12.24. `exiftool_vendored.rb`, which vendors ExifTool, includes this patch in [v12.25.0](https://github.com/exiftool-rb/exiftool_vendored.rb/releases/tag/v12.25.0).
### Workarounds
No
### References
https://twitter.com/wcbowling/status/1385803927321415687
https://nvd.nist.gov/vuln/detail/CVE-2021-22204
### For more information
If you have any questions or comments about this advisory:
Open an issue in [exiftool_vendored.rb](https://github.com/exiftool-rb/exiftool_vendored.rb/issues)
OSV
ExifTool vulnerable to arbitrary code execution
osv·2023-01-20·CVSS 7.8
[HIGH] ExifTool vulnerable to arbitrary code execution
ExifTool vulnerable to arbitrary code execution
### Impact
Arbitrary code execution can occur when running `exiftool` against files with hostile metadata payloads
### Patches
ExifTool has already been patched in version 12.24. `exiftool_vendored.rb`, which vendors ExifTool, includes this patch in [v12.25.0](https://github.com/exiftool-rb/exiftool_vendored.rb/releases/tag/v12.25.0).
### Workarounds
No
### References
https://twitter.com/wcbowling/status/1385803927321415687
https://nvd.nist.gov/vuln/detail/CVE-2021-22204
### For more information
If you have any questions or comments about this advisory:
Open an issue in [exiftool_vendored.rb](https://github.com/exiftool-rb/exiftool_vendored.rb/issues)
GHSA
GHSA-9377-7hwr-p4w6: Improper neutralization of user data in the DjVu file format in ExifTool versions 7
ghsa_unreviewed·2022-05-24
CVE-2021-22204 [MEDIUM] CWE-74 GHSA-9377-7hwr-p4w6: Improper neutralization of user data in the DjVu file format in ExifTool versions 7
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
GHSA
Arbitrary code execution in ExifTool
ghsa·2021-05-04·CVSS 7.8
CVE-2021-22204 [HIGH] CWE-74 Arbitrary code execution in ExifTool
Arbitrary code execution in ExifTool
### Impact
Arbitrary code execution can occur when running `exiftool` against files with hostile metadata payloads.
### Patches
ExifTool has already been patched in version 12.24. exiftool-vendored, which vendors ExifTool, includes this patch in v14.3.0.
### Workarounds
No.
### References
https://twitter.com/wcbowling/status/1385803927321415687
https://nvd.nist.gov/vuln/detail/CVE-2021-22204
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [exiftool-vendored](https://github.com/photostructure/exiftool-vendored.js)
OSV
Arbitrary code execution in ExifTool
osv·2021-05-04·CVSS 7.8
CVE-2021-22204 [HIGH] Arbitrary code execution in ExifTool
Arbitrary code execution in ExifTool
### Impact
Arbitrary code execution can occur when running `exiftool` against files with hostile metadata payloads.
### Patches
ExifTool has already been patched in version 12.24. exiftool-vendored, which vendors ExifTool, includes this patch in v14.3.0.
### Workarounds
No.
### References
https://twitter.com/wcbowling/status/1385803927321415687
https://nvd.nist.gov/vuln/detail/CVE-2021-22204
### For more information
If you have any questions or comments about this advisory:
* Open an issue in [exiftool-vendored](https://github.com/photostructure/exiftool-vendored.js)
OSV
CVE-2021-22204: Improper neutralization of user data in the DjVu file format in ExifTool versions 7
osv·2021-04-23·CVSS 7.8
CVE-2021-22204 [HIGH] CVE-2021-22204: Improper neutralization of user data in the DjVu file format in ExifTool versions 7
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
VulnCheck
ExifTool Remote Code Execution Vulnerability
vulncheck·2021·CVSS 6.8
CVE-2021-22204 [MEDIUM] CWE-95 ExifTool Remote Code Execution Vulnerability
ExifTool Remote Code Execution Vulnerability
Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
Affected: Perl Exiftool
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.lacework.com/blog/mirai-goes-stealth-tls-iot-malware/; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.botconf.eu/wp-content/uploads/2022/05/Botconf2022-24-PalotayZsigovits.pdf
Exploit PoC: https://vulncheck.com/xdb/11cab1d195ed; https://vulncheck.com/xdb/793a0410f319; https://vulncheck.com/xdb/195f85ead56c; https://vulncheck.com/xdb/0e17974417e2; https://vulncheck.com/xdb/c7f016c6ff9c
Remediation Due: 2021-12-01
Ubuntu
ExifTool vulnerability
vendor_ubuntu·2022-02-08
CVE-2021-22204 ExifTool vulnerability
Title: ExifTool vulnerability
Summary: ExifTool could be made to crash if it opened a specially crafted file.
USN-4987-1 fixed a vulnerability in ExifTool. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that ExifTool did not properly sanitize user data for the
DjVu file format. An attacker could use this vulnerability to cause a DoS or
possibly execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
CISA
ExifTool Remote Code Execution Vulnerability
cisa·2021-11-17·CVSS 7.8
CVE-2021-22204 [HIGH] CWE-95 ExifTool Remote Code Execution Vulnerability
Vulnerability: ExifTool Remote Code Execution Vulnerability
Affected: Perl Exiftool
Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-22204
Remediation Due Date: 2021-12-01
Ubuntu
ExifTool vulnerability
vendor_ubuntu·2021-06-10
CVE-2021-22204 ExifTool vulnerability
Title: ExifTool vulnerability
Summary: libimage-exiftool-perl could be made to crash if it opened a specially crafted
file.
It was discovered that ExifTool did not properly sanitize user data for the
DjVu file format. An attacker could use this vulnerability to cause a DoS or
possibly execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2021-22204: libimage-exiftool-perl - Improper neutralization of user data in the DjVu file format in ExifTool version...
vendor_debian·2021·CVSS 6.8
CVE-2021-22204 [MEDIUM] CVE-2021-22204: libimage-exiftool-perl - Improper neutralization of user data in the DjVu file format in ExifTool version...
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
Scope: local
bookworm: resolved (fixed in 12.16+dfsg-2)
bullseye: resolved (fixed in 12.16+dfsg-2)
forky: resolved (fixed in 12.16+dfsg-2)
sid: resolved (fixed in 12.16+dfsg-2)
trixie: resolved (fixed in 12.16+dfsg-2)
Suricata
ET EXPLOIT GitLab Pre-Auth RCE Detected (CVE-2021-22205)
suricata·2023-02-14·CVSS 10.0
CVE-2021-22205 [CRITICAL] ET EXPLOIT GitLab Pre-Auth RCE Detected (CVE-2021-22205)
ET EXPLOIT GitLab Pre-Auth RCE Detected (CVE-2021-22205)
Rule: alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT GitLab Pre-Auth RCE Detected (CVE-2021-22205)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:13; content:"/uploads/user"; http.header_names; to_lowercase; content:"|0d 0a|x-csrf-token|0d 0a|"; http.request_body; content:"AT&TFORM"; fast_pattern; content:"DJV"; within:8; content:"ANT"; distance:0; content:"(metadata"; distance:0; content:"|5c 0a|"; distance:0; content:"|5c 0a|"; distance:0; reference:url,devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html,url,hackerone.com/reports/1154542; classtype:trojan-activity; sid:2044201; rev:5; metadata:attack_target Client_and_Server, created_at 2023_02_14, cve CVE_2021_2
Exploit-DB
ExifTool 12.23 - Arbitrary Code Execution
exploitdb·2022-05-11·CVSS 6.8
CVE-2021-22204 [MEDIUM] ExifTool 12.23 - Arbitrary Code Execution
ExifTool 12.23 - Arbitrary Code Execution
---
# Exploit Title: ExifTool 12.23 - Arbitrary Code Execution
# Date: 04/30/2022
# Exploit Author: UNICORD (NicPWNs & Dev-Yeoj)
# Vendor Homepage: https://exiftool.org/
# Software Link: https://github.com/exiftool/exiftool/archive/refs/tags/12.23.zip
# Version: 7.44-12.23
# Tested on: ExifTool 12.23 (Debian)
# CVE: CVE-2021-22204
# Source: https://github.com/UNICORDev/exploit-CVE-2021-22204
# Description: Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
#!/usr/bin/env python3
# Imports
import base64
import os
import subprocess
import sys
# Class for colors
class color:
red = '\033[91m'
gold = '\033[93m'
blue = '\033[36m'
green = '\033
Exploit-DB
GitLab 13.10.2 - Remote Code Execution (RCE) (Unauthenticated)
exploitdb·2021-11-17·CVSS 6.8
CVE-2021-22205 [MEDIUM] GitLab 13.10.2 - Remote Code Execution (RCE) (Unauthenticated)
GitLab 13.10.2 - Remote Code Execution (RCE) (Unauthenticated)
---
# Exploit Title: GitLab 13.10.2 - Remote Code Execution (RCE) (Unauthenticated)
# Shodan Dork: https://www.shodan.io/search?query=title%3A%22GitLab%22+%2B%22Server%3A+nginx%22
# Date: 11/01/2021
# Exploit Author: Jacob Baines
# Vendor Homepage: https://about.gitlab.com/
# Software Link: https://gitlab.com/gitlab-org/gitlab
# Version: GitLab Community Edition and Enterprise Edition before 13.10.3, 13.9.6, and 13.8.8
# Tested on: GitLab Community Edition 13.10.2 and 13.10.1 (Ubuntu)
# CVE : CVE-2021-22205
# Vendor Advisory: https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/
# Root Cause Analysis: https://attackerkb.com/topics/D41jRUXCiJ/cve-2021-22205/rapid7-analysis?referrer=activityFeed
Metasploit
GitLab Unauthenticated Remote ExifTool Command Injection
metasploit
GitLab Unauthenticated Remote ExifTool Command Injection
GitLab Unauthenticated Remote ExifTool Command Injection
This module exploits an unauthenticated file upload and command injection vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The patched versions are 13.10.3, 13.9.6, and 13.8.8. Exploitation will result in command execution as the git user.
Securelist
How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)
blogs_securelist·2026-05-20·CVSS 7.8
CVE-2026-3102 [HIGH] How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)
Lucas Tay
Table of Contents
Introduction
Technical details
Disclaimer
Tracing the vulnerable sink
Finding an unsanitized date value
Planning the payload delivery
Bypassing the filter
Triggering the exploit
Patch analysis
How to protect against ExifTool vulnerability
Conclusions
Authors
Lucas Tay
## Introduction
ExifTool is a widely adopted utility for reading and writing metadata in image, PDF, audio, and video files. It is available both as a standalone command-line application and as a library that can be embedded in other software. In this article, we break down CVE-2026-3102 , an ExifTool vulnerability discovered by Kaspersky’s Global Research and Analysis Team (GReAT) in February 2026 and patched by the developers within the same month. Affecting macOS systems with Exi
Talos
Quarterly Report: Incident Response trends in Q1 2022
blogs_talos·2022-04-26
Quarterly Report: Incident Response trends in Q1 2022
### Ransomware continues as the top threat, while a novel increase in APT activity emerges
Ransomware was still the top threat Cisco Talos Incident Response (CTIR) saw in active engagements this quarter, continuing a trend that started in 2020. As mentioned in the 2021 year-in-review report, CTIR continues to deal with an expanding set of ransomware adversaries and major cybersecurity incidents affecting organizations worldwide.
The first quarter of 2022 also featured an increase in engagements involving advanced persistent threat (APT) activity. This included Iranian state-sponsored MuddyWater APT activity, China-based Mustang Panda activity leveraging USB drives to deliver the PlugX remote access trojan (RAT), and a suspected Chinese adversary dubbed “Deep Panda” exploiting Log4j.
##
Talos
Quarterly Report: Incident Response trends in Q1 2022
blogs_talos·2022-04-26
Quarterly Report: Incident Response trends in Q1 2022
## Quarterly Report: Incident Response trends in Q1 2022
## Ransomware continues as the top threat, while a novel increase in APT activity emerges
Ransomware was still the top threat Cisco Talos Incident Response (CTIR) saw in active engagements this quarter, continuing a trend that started in 2020. As mentioned in the 2021 year-in-review report , CTIR continues to deal with an expanding set of ransomware adversaries and major cybersecurity incidents affecting organizations worldwide.
The first quarter of 2022 also featured an increase in engagements involving advanced persistent threat (APT) activity. This included Iranian state-sponsored MuddyWater APT activity , China-based Mustang Panda activity leveraging USB drives to deliver the PlugX remote access trojan (RAT), and a suspected C
Qualys
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
blogs_qualys·2022-02-23
Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys
#### Table of Contents
- Situation
- Directive Scope
- CISA Catalog of Known Exploited Vulnerabilities
- Detect CISA Vulnerabilities Using Qualys VMDR
- CISA Exploited RTI
- Detailed Operational Dashboard
- Remediation
- Federal Enterprises and Agencies Can Act Now
- Summary
- Getting Started
CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively.
## Situation
Last November 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directiv
arXiv
TaxIdMA: Towards a Taxonomy for Attacks related to Identities
arxiv_fulltext·2023-01-01
TaxIdMA: Towards a Taxonomy for Attacks related to Identities
TaxIdMA: Towards a Taxonomy for Attacks related to Identities
Daniela Pöhn
[email protected]
0000-0002-6373-3637
Wolfgang Hommel
[email protected]
Universität der Bundeswehr München, RI CODE
Munich
Germany
Pöhn and Hommel
## Abstract
Identity management refers to the technology and policies for the identification, authentication, and authorization of users in computer networks. Identity management is therefore fundamental to today's IT ecosystem. At the same time, identity management systems, where digital identities are managed, pose an attractive target for attacks. With the heterogeneity of identity management systems, every type (i.\,e., models, protocols, implementations) has different requirements, typical problems, and hence attack vectors. In order to provide a sys
CTF
Meta / README
ctf_writeups·CVSS 6.8
CVE-2021-22204 [MEDIUM] Meta / README
# Meta - HackTheBox - Writeup
Linux, 30 Base Points, Medium
## Machine
## TL;DR
To solve this machine, we begin by enumerating open services using ```namp``` – finding ports ```22``` and ```80```.
***User***: Found ```dev01.artcorp.htb``` vhost, Using ```CVE-2021-22204-exiftool``` to get RCE to get a shell as ```www-data```, By running ```pspy``` we found ```mogrify``` command running as cron job, And using ```ImageMagick - Shell injection``` we get the SSH private key of ```thomas``` user.
***Root***: By running ```sudo -l``` we found that we can run ```neofetch``` as root, By changing ```XDG_CONFIG_HOME``` and setting our ```neofetch``` config file we get the ```root``` flag.
## Meta Solution
### User
Let's start with ```nmap``` scanning:
```console
┌─[evyatar@parrot]─[/hack
CTF
Overflow / README
ctf_writeups·CVSS 6.8
[MEDIUM] Overflow / README
# Overflow - HackTheBox - Writeup
Linux, 40 Base Points, Hard
## Machine
## TL;DR
To solve this machine, we begin by enumerating open services using ```namp``` – finding ports ```22```, ```25``` and ```80```.
***User 1***: Found ```padding-oracle``` on ```auth``` Cookie token, Using that we create ```auth``` token of the admin user, Found SQLi on ```logs``` API, Using SQLi we fetch the ```editor``` password of ```CMS Made Simple``` system, On CMS we found another subdomain ```devbuild-job.overflow.htb```, On this subdomain, we found upload page, the webserver validate the image using ```exiftool```, Using ```CVE-2021-22204-exiftool``` we get RCE as ```www-data``` user, On ```/var/www/html/config/db.php``` we found the password of ```developer``` user.
***User 2***: By enumerating w
CWE
Permissive Regular Expression
mitre_cwe
CWE-625 Permissive Regular Expression
CWE-625: Permissive Regular Expression
The product uses a regular expression that does not sufficiently restrict the set of allowed values.
This effectively causes the regexp to accept substrings that match the pattern, which produces a partial comparison to the target. In some cases, this can lead to other weaknesses. Common errors include: not identifying the beginning and end of the target string using wildcards instead of acceptable character ranges others
Modes of Introduction:
Phase: Implementation
Note: This problem is frequently found when the regular expression is used in input validation or security features such as authentication.
Common Consequences:
Scope: Access Control. Impact: Bypass Protection Mechanism.
Detection Methods:
Automated Static Analysis: Automated static a
CWE
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
mitre_cwe
CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Phase: Implementation
Note: This weakness is prevalent in handler/dispatch procedures that might want to invoke a large number of functions, or set a large number of variables.
Common Consequences:
Scope: Confidentiality. Impact: Read Files or Directories, Read Application Data. The injected code could access restricted data / files.
Scope: Access Control. Impact:
CWE
Improper Control of Generation of Code ('Code Injection')
mitre_cwe
CWE-94 Improper Control of Generation of Code ('Code Injection')
CWE-94: Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Modes of Introduction:
Phase: Implementation
Note: REALIZATION: This weakness is caused during implementation of an architectural security tactic.
Common Consequences:
Scope: Access Control. Impact: Bypass Protection Mechanism. In some cases, injectable code controls authentication; this may lead to a remote vulnerability.
Scope: Access Control. Impact: Gain Privileges or Assume Identity. Injected code can access resources that the attacker is directly prevented from ac
http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.htmlhttp://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.htmlhttp://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.htmlhttp://www.openwall.com/lists/oss-security/2021/05/09/1http://www.openwall.com/lists/oss-security/2021/05/10/5https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.jsonhttps://hackerone.com/reports/1154542https://lists.debian.org/debian-lts-announce/2021/05/msg00018.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/https://www.debian.org/security/2021/dsa-4910http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.htmlhttp://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.htmlhttp://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.htmlhttp://www.openwall.com/lists/oss-security/2021/05/09/1http://www.openwall.com/lists/oss-security/2021/05/10/5https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.jsonhttps://hackerone.com/reports/1154542https://lists.debian.org/debian-lts-announce/2021/05/msg00018.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/https://www.debian.org/security/2021/dsa-4910https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-22204
2021-04-23
Published
2021-11-17
Added to CISA KEV
Exploited in the wild