Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
CVSS Details
- CVSS 3.1 Base Score: 6.8
- CVSS 3.1 Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Covered by Rapid7
| Product | Vendor Advisory | Solution File | Added | Published |
|---|---|---|---|---|
| Alpine Linux | alpine-linux-upgrade-perl-image-exiftool | Aug 22, 2024 | Apr 23, 2021 | |
| Debian | debian-upgrade-libimage-exiftool-perl | May 4, 2021 | Apr 23, 2021 | |
| Freebsd | freebsd-upgrade-package-p5-image-exiftool | Nov 4, 2022 | Mar 25, 2022 | |
| Gentoo Linux | gentoo-linux-upgrade-media-libs-exiftool | Jul 25, 2024 | Apr 23, 2021 | |
| Suse | — | suse-upgrade-exiftoolsuse-upgrade-perl-file-randomaccesssuse-upgrade-perl-image-exiftool | May 11, 2021 | Apr 23, 2021 |
| Ubuntu | ubuntu-pro-upgrade-libimage-exiftool-perlubuntu-upgrade-libimage-exiftool-perl | Jun 11, 2021 | Apr 23, 2021 |
Prioritise with Active Threat Intelligence
With curated Threat Intelligence, you can see which vulnerabilities truly put you at risk, prioritize what matters most, and act before attackers do.
Explore Intelligence Hub