
232 matches found

OSV
added 2021/05/02 12:0 a.m., 43 views

DSA-4910-1 libimage-exiftool-perl - security update

Bulletin has no description...

CVSS 7.8, AI score 7.3, EPSS 0.99981
Exploits: 39

Veracode
added 2021/04/25 1:28 a.m., 46 views

Remote Code Execution (RCE)

perl-image-exiftool is vulnerable to remote code execution. A lack of proper neutralization of user data in the DjVu file format in ExifTool allows an attacker to achieve arbitrary code execution by sending a malicious image jpg, tiff, mp4 and many more...

CVSS 7.8, AI score 4.8, EPSS 0.99981
Exploits: 39, References: 21, Affected Software: 4

CNVD
added 2021/04/25 12:0 a.m., 4 views

exiftool Injection Vulnerability

exiftool is a software application. Make metadata more accessible. An injection vulnerability exists in ExifTool versions 7.44 and earlier versions, which can be exploited by an attacker to arbitrarily execute code while parsing a malicious image...

CVSS 7.8, AI score 7.2, EPSS 0.99981
Exploits: 39, References: 1

OSV
added 2021/04/23 6:15 p.m., 1 view

DEBIAN-CVE-2021-22204

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...

CVSS 7.8, AI score 8.2, EPSS 0.99981
Exploits: 39, References: 1

OSV
added 2021/04/23 6:15 p.m., 19 views

CVE-2021-22204

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...

CVSS 7.8, AI score 7.5, EPSS 0.99981
Exploits: 39, References: 15

NVD
added 2021/04/23 6:15 p.m., 17 views

CVE-2021-22204

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...

CVSS 7.8, EPSS 0.99981
Exploits: 39, References: 15

Prion
added 2021/04/23 6:15 p.m., 41 views

Input validation

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...

CVSS 6.8, AI score 7.9, EPSS 0.99981
Exploits: 39, References: 14, Affected Software: 3

UbuntuCve
added 2021/04/23 6:15 p.m., 59 views

CVE-2021-22204

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...

CVSS 7.8, AI score 7.5, EPSS 0.99981
Exploits: 39, References: 8

Cvelist
added 2021/04/23 5:22 p.m., 20 views

CVE-2021-22204

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...

CVSS 6.8, AI score 8.2, EPSS 0.99981
Exploits: 39, References: 14

Vulnrichment
added 2021/04/23 5:22 p.m., 4 views

CVE-2021-22204

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...

CVSS 6.8, AI score 7.9, EPSS 0.99981
Exploits: 39, References: 14

CVE
added 2021/04/23 5:22 p.m., 1506 views

CVE-2021-22204

CVE-2021-22204 : ExifTool versions 7.44 and later are vulnerable to arbitrary code execution when parsing a malicious image due to improper neutralization of user data in the DjVu file format. Several connected sources confirm this remote code execution vector within ExifTool’s handling of DjVu c...

CVSS 7.8, AI score 8, EPSS 0.99981
In wild, Exploits: 39, References: 15, Affected Software: 1

Debian CVE
added 2021/04/23 5:22 p.m., 131 views

CVE-2021-22204

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...

CVSS 7.8, AI score 8.3, EPSS 0.99981
Exploits: 39

AlpineLinux
added 2021/04/23 5:22 p.m., 48 views

CVE-2021-22204

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image...

CVSS 7.8, AI score 8.2, EPSS 0.99981
Exploits: 39

CNNVD
added 2021/04/23 12:0 a.m., 2 views

exiftool Code Injection Vulnerability

exiftool is a software application. Make metadata more accessible. An injection vulnerability exists in ExifTool versions 7.44 and earlier versions, which can be exploited by an attacker to arbitrarily execute code while parsing a malicious image...

CVSS 7.8, AI score 5.9, EPSS 0.99981
Exploits: 39, References: 30

ATTACKERKB
added 2021/04/23 12:0 a.m., 122 views

CVE-2021-22204

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0 Assessed Attacker Value: 0...

CVSS 7.8, AI score 8.1, EPSS 0.99981
In wild, Exploits: 39, References: 18

Hacker One
added 2021/04/07 1:59 p.m., 231 views

GitLab: RCE when removing metadata with ExifTool

Summary: When uploading image files, GitLab Workhorse passes any files with the extensions jpg|jpeg|tiff through to ExifTool to remove any non-whitelisted tags. An issue with this is that ExifTool will ignore the file extension and try to determine what the file is based on the content, allowing f...

AI score 7
Exploits: 0

Positive Technologies
added 2021/04/01 12:0 a.m., 3 views

PT-2021-5828

Name of the Vulnerable Software and Affected Versions: ExifTool versions 7.44 and up. Description: The issue is related to improper neutralization of user data in the DjVu file format, allowing arbitrary code execution when parsing malicious images. This could enable a remote attacker to access...

CVSS 7.8, AI score 8.7, EPSS 0.99981
Exploits: 44, References: 99

FreeBSD
added 2021/01/04 12:0 a.m., 49 views

Security Vulnerability found in ExifTool

Debian Security Advisory reports: A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed...

CVSS 7.8, AI score 8, EPSS 0.99981
Exploits: 39, References: 1

Hacker One
added 2020/08/22 3:35 a.m., 3935 views

Shopify: XSS Stored via Upload avatar PNG [HTML] File in accounts.shopify.com

Hello team, I found unrestricted file upload via avatar in https://accounts.shopify.com/accounts/, and XSS Stored in PNG IDAT chunks using exiftool, exiftool command exiftool -Comment=""alertprompt'XSS BY ZEROX4'" xsscommentexifmetadatadoublequote.png Payload example: PNG ...

AI score 6
Exploits: 0

Kitploit
added 2020/01/09 8:50 p.m., 36 views

TuxResponse - Linux Incident Response

TuxResponse is an incident response script for Linux systems written in Bash. It can automate incident response activities on Linux systems and enable you to triage systems quickly, without compromising the results. Usually corporate systems would have some kind of monitoring and control, but...

AI score 7.2
Exploits: 0, References: 1