Your submission was sent successfully! Close

CVE-2021-22204

Published: 23 April 2021

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

Priority

High

CVSS 3 base score: 7.8

Status

Package Release Status
libimage-exiftool-perl
Launchpad, Ubuntu, Debian
bionic
Released (10.80-1ubuntu0.1)
focal
Released (11.88-1ubuntu0.1)
groovy
Released (12.05-1ubuntu0.1)
hirsute
Released (12.16+dfsg-1ubuntu0.1)
impish Not vulnerable
(12.16+dfsg-2)
jammy Not vulnerable
(12.16+dfsg-2)
precise Does not exist

trusty Does not exist

upstream
Released (12.16+dfsg-2)
xenial Ignored
(end of standard support, was needs-triage)