module
ExifTool DjVu ANT Perl injection
| Disclosed |
|---|
| May 24, 2021 |
Disclosed
May 24, 2021
Description
This module exploits a Perl injection vulnerability in the DjVu ANT
parsing code of ExifTool versions 7.44 through 12.23 inclusive. The
injection is used to execute a shell command using Perl backticks.
The DjVu image can be embedded in a wrapper image using the
HasselbladExif EXIF field.
parsing code of ExifTool versions 7.44 through 12.23 inclusive. The
injection is used to execute a shell command using Perl backticks.
The DjVu image can be embedded in a wrapper image using the
HasselbladExif EXIF field.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.