GitHub Advisory DatabaseGHSA-4WHQ-R978-2X68

HistoryMay 04, 2021 - 5:43 p.m.

Arbitrary code execution in ExifTool

2021-05-0417:43:52

CWE-74

GitHub Advisory Database

github.com

JSON

Impact

Arbitrary code execution can occur when running exiftool against files with hostile metadata payloads.

Patches

ExifTool has already been patched in version 12.24. exiftool-vendored, which vendors ExifTool, includes this patch in v14.3.0.

Workarounds

No.

References

https://twitter.com/wcbowling/status/1385803927321415687
https://nvd.nist.gov/vuln/detail/CVE-2021-22204

For more information

If you have any questions or comments about this advisory:

Open an issue in exiftool-vendored

CPENameOperatorVersion
exiftool-vendoredlt14.3.0

CPE	Name	Operator	Version
	exiftool-vendored	lt	14.3.0

References

github.com/advisories/GHSA-4whq-r978-2x68

github.com/photostructure/exiftool-vendored.js/security/advisories/GHSA-4whq-r978-2x68

prion 1

checkpoint_advisories 1

nessus 6

debian 3

veracode 1

githubexploit 16

ubuntu 2

suse 1

github 1

fedora 3

metasploit 2

osv 7

zdt 4

attackerkb 2

packetstorm 4

cisa_kev 1

freebsd 1

alpinelinux 1

cve 1

debiancve 1

ubuntucve 1

mageia 1

exploitdb 2

rapid7blog 3

thn 1

cisa 1

qualysblog 1

prion

Input validation

2021-04-23 18:15:00

checkpoint_advisories

ExifTool Remote Code Execution (CVE-2021-22204)

2021-12-13 00:00:00

nessus

FreeBSD : Security Vulnerability found in ExifTool (955f377e-7bc3-11ec-a51c-7533f219d428)

2023-11-06 00:00:00

openSUSE Security Update : perl-Image-ExifTool (openSUSE-2021-707)

2021-05-18 00:00:00

Debian DSA-4910-1 : libimage-exiftool-perl - security update

2021-05-03 00:00:00

debian

[SECURITY] [DSA 4910-1] libimage-exiftool-perl security update

2021-05-02 15:47:14

[SECURITY] [DLA 2663-1] libimage-exiftool-perl security update

2021-05-16 09:42:01

[SECURITY] [DSA 4910-1] libimage-exiftool-perl security update

2021-05-02 15:47:14

veracode

Remote Code Execution (RCE)

2021-04-25 01:28:00

githubexploit

Exploit for Code Injection in Exiftool Project Exiftool

2021-11-04 14:31:02

Exploit for Injection in Exiftool Project Exiftool

2021-05-11 18:45:07

Exploit for Injection in Exiftool Project Exiftool

2021-05-12 08:51:44

ubuntu

ExifTool vulnerability

2022-02-08 00:00:00

ExifTool vulnerability

2021-06-10 00:00:00

suse

Security update for perl-Image-ExifTool (important)

2021-05-11 00:00:00

github

ExifTool vulnerable to arbitrary code execution

2023-01-20 19:33:40

fedora

[SECURITY] Fedora 32 Update: perl-Image-ExifTool-12.16-3.fc32

2021-05-05 01:04:48

[SECURITY] Fedora 33 Update: perl-Image-ExifTool-12.16-3.fc33

2021-05-05 00:54:11

[SECURITY] Fedora 34 Update: perl-Image-ExifTool-12.16-3.fc34

2021-05-05 01:23:07

metasploit

ExifTool DjVu ANT Perl injection

2021-05-11 02:02:12

GitLab Unauthenticated Remote ExifTool Command Injection

2021-11-02 08:46:51

osv

CVE-2021-22204

2021-04-23 18:15:08

libimage-exiftool-perl - security update

2021-05-16 00:00:00

libimage-exiftool-perl - security update

2021-05-02 00:00:00

zdt

ExifTool 12.23 - Arbitrary Code Execution Exploit

2022-05-12 00:00:00

ExifTool DjVu ANT Perl Injection Exploit

2021-05-12 00:00:00

GitLab 13.10.2 - Remote Code Execution Exploit

2021-11-17 00:00:00

attackerkb

CVE-2021-22204

2021-04-23 00:00:00

CVE-2021-22205

2021-04-23 00:00:00

packetstorm

ExifTool DjVu ANT Perl Injection

2021-05-12 00:00:00

ExifTool 12.23 Arbitrary Code Execution

2022-05-11 00:00:00

GitLab Unauthenticated Remote ExifTool Command Injection

2021-11-04 00:00:00

cisa_kev

ExifTool Remote Code Execution Vulnerability

2021-11-17 00:00:00

freebsd

Security Vulnerability found in ExifTool

2021-01-04 00:00:00

alpinelinux

CVE-2021-22204

2021-04-23 18:15:00

cve

CVE-2021-22204

2021-04-23 18:15:00

debiancve

CVE-2021-22204

2021-04-23 18:15:00

ubuntucve

CVE-2021-22204

2021-04-23 00:00:00

mageia

Updated perl-Image-ExifTool package fixes a security vulnerability

2021-06-16 23:22:25

exploitdb

ExifTool 12.23 - Arbitrary Code Execution

2022-05-11 00:00:00

GitLab 13.10.2 - Remote Code Execution (RCE) (Unauthenticated)

2021-11-17 00:00:00

rapid7blog

GitLab Unauthenticated Remote Code Execution CVE-2021-22205 Exploited in the Wild

2021-11-01 13:33:43

Metasploit Wrap-Up

2021-05-14 17:29:09

Metasploit Wrap-Up

2021-11-05 19:43:51

thn

Researchers Takeover Unpatched 3rd-Party Antivirus Sandboxes via VirusTotal

2022-04-25 20:00:00

cisa

CISA Adds Four Known Exploited Vulnerabilities to Catalog

2021-11-17 00:00:00

qualysblog

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

Arbitrary code execution in ExifTool

Impact

Patches

Workarounds

References

For more information

References

Related