Vulnerabilites related to ExifTool - ExifTool
cve-2021-22204
Vulnerability from cvelistv5
Published
2021-04-23 17:22
Modified
2025-02-06 19:50
Severity ?
EPSS score ?
Summary
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:37:18.092Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://hackerone.com/reports/1154542", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json", }, { name: "DSA-4910", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-4910", }, { name: "FEDORA-2021-de850ed71e", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/", }, { name: "FEDORA-2021-e3d8833d36", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/", }, { name: "FEDORA-2021-88d24aa32b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/", }, { name: "[oss-security] 20210509 [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/05/09/1", }, { name: "[oss-security] 20210510 Re: [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2021/05/10/5", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html", }, { name: "[debian-lts-announce] 20210516 [SECURITY] [DLA 2663-1] libimage-exiftool-perl security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2021-22204", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-02-06T19:49:52.310831Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2021-11-17", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22204", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-94", description: "CWE-94 Improper Control of Generation of Code ('Code Injection')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-06T19:50:56.751Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "ExifTool", vendor: "ExifTool", versions: [ { status: "affected", version: ">=7.44, <12.24", }, ], }, ], credits: [ { lang: "en", value: "Thanks vakzz for reporting this vulnerability through the GitLab HackerOne bug bounty program who then reported it to the ExifTool maintainer", }, ], descriptions: [ { lang: "en", value: "Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Improper neutralization of directives in dynamically evaluated code ('eval injection') in ExifTool", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-05-11T17:06:12.000Z", orgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", shortName: "GitLab", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800", }, { tags: [ "x_refsource_MISC", ], url: "https://hackerone.com/reports/1154542", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json", }, { name: "DSA-4910", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-4910", }, { name: "FEDORA-2021-de850ed71e", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/", }, { name: "FEDORA-2021-e3d8833d36", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/", }, { name: "FEDORA-2021-88d24aa32b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/", }, { name: "[oss-security] 20210509 [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/05/09/1", }, { name: "[oss-security] 20210510 Re: [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2021/05/10/5", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html", }, { name: "[debian-lts-announce] 20210516 [SECURITY] [DLA 2663-1] libimage-exiftool-perl security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@gitlab.com", ID: "CVE-2021-22204", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "ExifTool", version: { version_data: [ { version_value: ">=7.44, <12.24", }, ], }, }, ], }, vendor_name: "ExifTool", }, ], }, }, credit: [ { lang: "eng", value: "Thanks vakzz for reporting this vulnerability through the GitLab HackerOne bug bounty program who then reported it to the ExifTool maintainer", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 6.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Improper neutralization of directives in dynamically evaluated code ('eval injection') in ExifTool", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800", refsource: "MISC", url: "https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800", }, { name: "https://hackerone.com/reports/1154542", refsource: "MISC", url: "https://hackerone.com/reports/1154542", }, { name: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json", refsource: "CONFIRM", url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json", }, { name: "DSA-4910", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-4910", }, { name: "FEDORA-2021-de850ed71e", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/", }, { name: "FEDORA-2021-e3d8833d36", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/", }, { name: "FEDORA-2021-88d24aa32b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/", }, { name: "[oss-security] 20210509 [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/05/09/1", }, { name: "[oss-security] 20210510 Re: [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2021/05/10/5", }, { name: "http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html", }, { name: "[debian-lts-announce] 20210516 [SECURITY] [DLA 2663-1] libimage-exiftool-perl security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html", }, { name: "http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html", }, { name: "http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html", }, { name: "http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", assignerShortName: "GitLab", cveId: "CVE-2021-22204", datePublished: "2021-04-23T17:22:15.000Z", dateReserved: "2021-01-05T00:00:00.000Z", dateUpdated: "2025-02-06T19:50:56.751Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }