CVE-2021-22204

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-22204
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22204.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-22204
Downstream
Related
Published
2021-04-23T18:15:08.127Z
Modified
2026-06-18T03:55:04.619024882Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

Database specific 
{
    "unresolved_ranges": [
        {
            "vendor_product": "debian:debian_linux",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                },
                {
                    "last_affected": "10.0"
                }
            ],
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        },
        {
            "vendor_product": "fedoraproject:fedora",
            "extracted_events": [
                {
                    "last_affected": "32"
                },
                {
                    "last_affected": "33"
                },
                {
                    "last_affected": "34"
                }
            ],
            "cpes": [
                "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
                "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"
            ],
            "source": "CPE_STRING"
        }
    ]
}
References

Affected packages

Git / github.com/exiftool/exiftool

Affected ranges

Type
GIT
Repo
https://github.com/exiftool/exiftool
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
cf0f4e7dcd024ca99615bfd1102a841a25dde031
Database specific 
{
    "extracted_events": [
        {
            "introduced": "7.44"
        },
        {
            "fixed": "12.24"
        }
    ],
    "cpe": "cpe:2.3:a:exiftool_project:exiftool:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

10.*
10.00
10.01
10.02
10.03
10.04
10.05
10.06
10.07
10.08
10.09
10.10
10.11
10.12
10.13
10.14
10.15
10.16
10.17
10.18
10.19
10.20
10.21
10.22
10.23
10.24
10.25
10.26
10.27
10.28
10.29
10.30
10.31
10.32
10.33
10.34
10.35
10.36
10.37
10.38
10.39
10.40
10.41
10.42
10.43
10.44
10.45
10.46
10.47
10.48
10.49
10.50
10.51
10.52
10.53
10.54
10.55
10.56
10.57
10.58
10.59
10.60
10.61
10.62
10.63
10.64
10.65
10.66
10.67
10.68
10.69
10.71
10.72
10.73
10.74
10.75
10.76
10.77
10.78
10.81
10.82
10.83
10.84
10.85
10.86
10.87
10.88
10.89
10.90
10.91
10.92
10.93
10.94
10.95
10.96
10.97
10.98
10.99
11.*
11.00
11.01
11.02
11.03
11.04
11.05
11.06
11.07
11.08
11.09
11.10
11.11
11.12
11.13
11.14
11.15
11.16
11.18
11.19
11.20
11.21
11.22
11.23
11.24
11.25
11.26
11.27
11.28
11.29
11.30
11.31
11.32
11.33
11.34
11.35
11.36
11.37
11.38
11.39
11.40
11.41
11.42
11.43
11.44
11.45
11.46
11.47
11.48
11.49
11.50
11.51
11.52
11.53
11.54
11.55
11.56
11.57
11.58
11.59
11.60
11.61
11.62
11.63
11.64
11.65
11.66
11.67
11.68
11.69
11.70
11.71
11.72
11.73
11.74
11.75
11.76
11.77
11.78
11.79
11.80
11.81
11.82
11.83
11.84
11.85
11.86
11.87
11.88
11.89
11.90
11.91
11.92
11.93
11.94
11.95
11.96
11.97
11.98
11.99
12.*
12.00
12.01
12.02
12.03
12.04
12.05
12.06
12.07
12.08
12.09
12.10
12.11
12.12
12.13
12.14
12.15
12.16
12.17
12.18
12.19
12.20
12.21
12.22
12.23
9.*
9.71
9.72
9.73
9.74
9.75
9.76
9.77
9.78
9.79
9.80
9.81
9.82
9.83
9.84
9.85
9.86
9.87
9.88
9.89
9.90
9.91
9.92
9.93
9.94
9.95
9.96
9.97
9.98
9.99

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22204.json"