Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2021-22204

🗓️ 23 Apr 2021 17:22:15Reported by GitLabType 
cve
 cve🔗 web.nvd.nist.gov📰️ 11 Media mentions👁 1496 Views

Improper neutralization of user data in DjVu format in ExifTool v7.44 and up, allows arbitrary code executio

Related
Detection
Affected
Refs
Social
ReporterTitlePublishedViews
Family
GithubExploit		Exploit for Code Injection in Exiftool_Project Exiftool
3 May 202216:36
githubexploit
GithubExploit		Exploit for Code Injection in Gitlab
5 Jun 202115:42
githubexploit
GithubExploit		Exploit for Code Injection in Exiftool_Project Exiftool
2 Aug 202109:11
githubexploit
GithubExploit		Exploit for Code Injection in Exiftool_Project Exiftool
27 Oct 202515:59
githubexploit
GithubExploit		Exploit for Code Injection in Exiftool_Project Exiftool
29 Dec 202113:41
githubexploit
GithubExploit		Exploit for Code Injection in Exiftool_Project Exiftool
14 May 202303:43
githubexploit
GithubExploit		Exploit for Code Injection in Exiftool_Project Exiftool
4 Nov 202114:31
githubexploit
GithubExploit		Exploit for Code Injection in Exiftool_Project Exiftool
21 Feb 202211:07
githubexploit
GithubExploit		Exploit for Code Injection in Gitlab
4 Nov 202109:01
githubexploit
GithubExploit		Exploit for Code Injection in Exiftool_Project Exiftool
14 May 202611:44
githubexploit
Rows per page
NVD
Vulners
Node
exiftool_projectexiftoolRange7.4412.24
Node
debiandebian_linuxMatch9.0
OR
debiandebian_linuxMatch10.0
Node
fedoraprojectfedoraMatch32
OR
fedoraprojectfedoraMatch33
OR
fedoraprojectfedoraMatch34
[
  {
    "product": "ExifTool",
    "vendor": "ExifTool",
    "versions": [
      {
        "status": "affected",
        "version": ">=7.44, <12.24"
      }
    ]
  }
]
SourceLink
packetstormsecuritywww.packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html
packetstormsecuritywww.packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html
listswww.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/
packetstormsecuritywww.packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html
debianwww.debian.org/security/2021/dsa-4910
gitlabwww.gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json
listswww.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/
packetstormsecuritywww.packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html
listswww.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/
openwallwww.openwall.com/lists/oss-security/2021/05/09/1
Rows per page
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 Nov 2025 18:58Current
8High risk
Vulners AI Score8
CVSS 26.8
CVSS 3.16.8 - 7.8
EPSS0.92928
SSVC
CWE-94In Wild
cve-2021-22204djvu formatexiftoolarbitrary code executionnvd
1496