GitLab Community and Enterprise Editions Remote Code Execution Vulnerability
GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files...
Vulnerability fixed in GitLab
A vulnerability was fixed in April 2021 in GitLab Community Edition and GitLab Enterprise Edition. The vulnerability allows an unauthenticated remote malicious person to execute arbitrary code. The ExifTool built into GitLab could be exploited by offering a rogue file to be...
IBM: Remote Code Execution at https://169.38.86.185/ (edst.ibm.com)
A discovered GitLab server was running an old version affected by RCE. This vulnerability could have allowed an unauthenticated attacker to compromise the server via a public exploit in ExifTool. The issue was reported to IBM and remediated...
VulnCheck KEV: CVE-2021-22204
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...
Exploit for Code Injection in Exiftool_Project Exiftool
CVE-2021-22204 Description Improper neutralization of use...
Exploit for Code Injection in Exiftool_Project Exiftool
CVE-2021-22204 - Exiftool Remote Code Execution Descriptio...
Updated perl-Image-ExifTool package fixes a security vulnerability
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image CVE-2021-22204...
MGASA-2021-0259 Updated perl-Image-ExifTool package fixes a security vulnerability
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image CVE-2021-22204...
Ubuntu: Security Advisory (USN-4987-1)
The remote host is missing an update for the...
USN-4987-1 libimage-exiftool-perl vulnerability
It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code...
USN-4987-1: ExifTool vulnerability
It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code...
Ubuntu 18.04 LTS / 20.04 LTS : ExifTool vulnerability (USN-4987-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4987-1 advisory. It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS ...
Exploit for Code Injection in Exiftool_Project Exiftool
Gitlab-Exiftool-RCE RCE Exploit for Gitlab 13.10.3 - GitL...
Exploit for Code Injection in Exiftool_Project Exiftool
POC-CVE-2021-22204 https://nvd.nist.gov/vuln/detail/CVE-2021-...
Debian DLA-2663-1 : libimage-exiftool-perl security update
A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed. For Debian 9 stretch, this problem has been fixed in version 10.40-1+deb9u...
Debian: Security Advisory (DLA-2663-1)
The remote host is missing an update for the Debian...
[SECURITY] [DLA 2663-1] libimage-exiftool-perl security update
Debian LTS Advisory DLA-2663-1 https://www.debian.org/lts/security/ Utkarsh Gupta, May 16, 2021 https://wiki.debian.org/LTS...
DLA-2663-1 libimage-exiftool-perl - security update
Bulletin has no description...
ExifTool DjVu ANT Perl injection
This module exploits a Perl injection vulnerability in the DjVu ANT parsing code of ExifTool versions 7.44 through 12.23 inclusive. The injection is used to execute a shell command using Perl backticks. The DjVu image can be embedded in a wrapper image using the HasselbladExif EXIF field. Module...
Exploit for Code Injection in Exiftool_Project Exiftool
Vulnerable Version 7.44 12.23 Reproduce $...