Vulnerability Details : CVE-2021-22204
Public exploit exists!
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
Products affected by CVE-2021-22204
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:a:exiftool_project:exiftool:*:*:*:*:*:*:*:*
CVE-2021-22204 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
ExifTool Remote Code Execution Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2021-22204
Added on: 2021-11-17
Action due date: 2021-12-01
Exploit prediction scoring system (EPSS) score for CVE-2021-22204
EPSS score: 96.67% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~100% (the proportion of vulnerabilities that are scored at or below this score)
Metasploit modules for CVE-2021-22204
- GitLab Unauthenticated Remote ExifTool Command Injection
  Disclosure Date: 2021-04-14
  First seen: 2022-12-23
  Module: exploit/multi/http/gitlab_exif_rce
  This module exploits an unauthenticated file upload and command injection vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The patched versions are 13.10.3, 13.9.6, and 13.8.8. Exploitation will result in command executio
- ExifTool DjVu ANT Perl injection
  Disclosure Date: 2021-05-24
  First seen: 2021-05-12
  Module: exploit/unix/fileformat/exiftool_djvu_ant_perl_injection
  This module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using
CVSS scores for CVE-2021-22204
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
6.8 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L | 2.5 | 3.7 | GitLab Inc. | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | 2024-07-24 |
CWE ids for CVE-2021-22204
- The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
  Assigned by: nvd@nist.gov (Primary)
- The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-22204
- [SECURITY] Fedora 32 Update: perl-Image-ExifTool-12.16-3.fc32 - package-announce - Fedora mailing-lists (Release Notes)
  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/
- Update to 12.24 · exiftool/exiftool@cf0f4e7 · GitHub (Patch)
  https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800
- [SECURITY] Fedora 34 Update: perl-Image-ExifTool-12.16-3.fc34 - package-announce - Fedora mailing-lists (Release Notes)
  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/
- [SECURITY] Fedora 33 Update: perl-Image-ExifTool-12.16-3.fc33 - package-announce - Fedora mailing-lists (Release Notes)
  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/
- Debian -- Security Information -- DSA-4910-1 libimage-exiftool-perl (Mailing List; Third Party Advisory)
  https://www.debian.org/security/2021/dsa-4910
- GitLab 13.10.2 Remote Code Execution ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
  http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html
- ExifTool 12.23 Arbitrary Code Execution ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
  http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html
- oss-security - [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image (Mailing List; Third Party Advisory)
  http://www.openwall.com/lists/oss-security/2021/05/09/1
- 2021/CVE-2021-22204.json · master · GitLab.org / cves · GitLab (Third Party Advisory)
  https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json
- [SECURITY] Fedora 33 Update: perl-Image-ExifTool-12.16-3.fc33 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
  https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/
- HackerOne report 1154542 (Exploit; Issue Tracking; Third Party Advisory)
  https://hackerone.com/reports/1154542
- [SECURITY] [DLA 2663-1] libimage-exiftool-perl security update (Mailing List; Third Party Advisory)
  https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html
- [SECURITY] Fedora 34 Update: perl-Image-ExifTool-12.16-3.fc34 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
  https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/
- [SECURITY] Fedora 32 Update: perl-Image-ExifTool-12.16-3.fc32 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
  https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/
- oss-security - Re: [CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image (Mailing List; Third Party Advisory)
  http://www.openwall.com/lists/oss-security/2021/05/10/5
- ExifTool DjVu ANT Perl Injection ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
  http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html
- GitLab Unauthenticated Remote ExifTool Command Injection ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
  http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html