Lucene search

Basic search
Lucene search
Search by product

Vendors

Products

GitHub Advisory DatabaseGHSA-Q95H-CQRV-8JV5

HistoryJan 20, 2023 - 7:33 p.m.

ExifTool vulnerable to arbitrary code execution

2023-01-2019:33:40

CWE-74

GitHub Advisory Database

github.com

JSON

Impact

Arbitrary code execution can occur when running exiftool against files with hostile metadata payloads

Patches

ExifTool has already been patched in version 12.24. exiftool_vendored.rb, which vendors ExifTool, includes this patch in v12.25.0.

Workarounds

References

https://twitter.com/wcbowling/status/1385803927321415687
https://nvd.nist.gov/vuln/detail/CVE-2021-22204

For more information

If you have any questions or comments about this advisory:

Open an issue in exiftool_vendored.rb

CPENameOperatorVersion
exiftool_vendoredlt12.25.0

CPE	Name	Operator	Version
	exiftool_vendored	lt	12.25.0

References

github.com/advisories/GHSA-q95h-cqrv-8jv5

github.com/exiftool-rb/exiftool_vendored.rb/security/advisories/GHSA-q95h-cqrv-8jv5

twitter.com/wcbowling/status/1385803927321415687

nessus 6

github 1

githubexploit 16

fedora 3

suse 1

openvas 9

checkpoint_advisories 1

prion 1

debian 3

veracode 1

ubuntu 2

packetstorm 4

osv 7

ubuntucve 1

mageia 1

zdt 4

debiancve 1

attackerkb 2

cisa_kev 1

freebsd 1

cve 1

alpinelinux 1

metasploit 2

exploitdb 2

thn 1

rapid7blog 3

cisa 1

qualysblog 1

nessus

openSUSE Security Update : perl-Image-ExifTool (openSUSE-2021-707)

2021-05-18 00:00:00

Debian DSA-4910-1 : libimage-exiftool-perl - security update

2021-05-03 00:00:00

FreeBSD : Security Vulnerability found in ExifTool (955f377e-7bc3-11ec-a51c-7533f219d428)

2023-11-06 00:00:00

github

Arbitrary code execution in ExifTool

2021-05-04 17:43:52

githubexploit

Exploit for Injection in Exiftool Project Exiftool

2021-05-11 18:45:07

Exploit for Injection in Exiftool Project Exiftool

2021-05-12 08:51:44

Exploit for Code Injection in Exiftool Project Exiftool

2021-11-04 14:31:02

fedora

[SECURITY] Fedora 33 Update: perl-Image-ExifTool-12.16-3.fc33

2021-05-05 00:54:11

[SECURITY] Fedora 32 Update: perl-Image-ExifTool-12.16-3.fc32

2021-05-05 01:04:48

[SECURITY] Fedora 34 Update: perl-Image-ExifTool-12.16-3.fc34

2021-05-05 01:23:07

suse

Security update for perl-Image-ExifTool (important)

2021-05-11 00:00:00

openvas

Fedora: Security Advisory for perl-Image-ExifTool (FEDORA-2021-e3d8833d36)

2021-05-05 00:00:00

Fedora: Security Advisory for perl-Image-ExifTool (FEDORA-2021-88d24aa32b)

2021-05-05 00:00:00

Ubuntu: Security Advisory (USN-4987-1)

2021-06-11 00:00:00

checkpoint_advisories

ExifTool Remote Code Execution (CVE-2021-22204)

2021-12-13 00:00:00

prion

Input validation

2021-04-23 18:15:00

debian

[SECURITY] [DSA 4910-1] libimage-exiftool-perl security update

2021-05-02 15:47:14

[SECURITY] [DSA 4910-1] libimage-exiftool-perl security update

2021-05-02 15:47:14

[SECURITY] [DLA 2663-1] libimage-exiftool-perl security update

2021-05-16 09:42:01

veracode

Remote Code Execution (RCE)

2021-04-25 01:28:00

ubuntu

ExifTool vulnerability

2022-02-08 00:00:00

ExifTool vulnerability

2021-06-10 00:00:00

packetstorm

ExifTool 12.23 Arbitrary Code Execution

2022-05-11 00:00:00

ExifTool DjVu ANT Perl Injection

2021-05-12 00:00:00

GitLab 13.10.2 Remote Code Execution

2021-11-17 00:00:00

osv

libimage-exiftool-perl vulnerability

2022-02-08 21:24:13

libimage-exiftool-perl vulnerability

2021-06-10 20:27:47

ExifTool vulnerable to arbitrary code execution

2023-01-20 19:33:40

ubuntucve

CVE-2021-22204

2021-04-23 00:00:00

mageia

Updated perl-Image-ExifTool package fixes a security vulnerability

2021-06-16 23:22:25

zdt

ExifTool DjVu ANT Perl Injection Exploit

2021-05-12 00:00:00

ExifTool 12.23 - Arbitrary Code Execution Exploit

2022-05-12 00:00:00

GitLab 13.10.2 - Remote Code Execution Exploit

2021-11-17 00:00:00

debiancve

CVE-2021-22204

2021-04-23 18:15:00

attackerkb

CVE-2021-22204

2021-04-23 00:00:00

CVE-2021-22205

2021-04-23 00:00:00

cisa_kev

ExifTool Remote Code Execution Vulnerability

2021-11-17 00:00:00

freebsd

Security Vulnerability found in ExifTool

2021-01-04 00:00:00

cve

CVE-2021-22204

2021-04-23 18:15:00

alpinelinux

CVE-2021-22204

2021-04-23 18:15:00

metasploit

ExifTool DjVu ANT Perl injection

2021-05-11 02:02:12

GitLab Unauthenticated Remote ExifTool Command Injection

2021-11-02 08:46:51

exploitdb

ExifTool 12.23 - Arbitrary Code Execution

2022-05-11 00:00:00

GitLab 13.10.2 - Remote Code Execution (RCE) (Unauthenticated)

2021-11-17 00:00:00

thn

Researchers Takeover Unpatched 3rd-Party Antivirus Sandboxes via VirusTotal

2022-04-25 20:00:00

rapid7blog

Metasploit Wrap-Up

2021-05-14 17:29:09

GitLab Unauthenticated Remote Code Execution CVE-2021-22205 Exploited in the Wild

2021-11-01 13:33:43

Metasploit Wrap-Up

2021-11-05 19:43:51

cisa

CISA Adds Four Known Exploited Vulnerabilities to Catalog

2021-11-17 00:00:00

qualysblog

Managing CISA Known Exploited Vulnerabilities with Qualys VMDR

2022-02-23 05:39:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

JSON

Related for GHSA-Q95H-CQRV-8JV5