Vulnerability detail
Enriched intelligence for a single CVE
Severity: Medium
CVE-2021-22204
Status: Published
- Vendor: ExifTool
- Product: ExifTool
- Published: Apr 23, 2021
- EPSS: —
Description
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing a malicious image.
CVSS scores
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Exploitation status
Exploited in the wild
Recorded 2021-11-17 00:00:00 UTC
SSVC decision points
- Exploitation: active
- Automatable: No
- Technical impact: partial
References
- https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800
- https://hackerone.com/reports/1154542
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json
- https://www.debian.org/security/2021/dsa-4910
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/
- http://www.openwall.com/lists/oss-security/2021/05/09/1
- http://www.openwall.com/lists/oss-security/2021/05/10/5
- http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html
- https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html
- http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html
- http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | Nov 17, 2021 |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/gitlab_exif_rce.rb | Apr 28, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
| Source | Created | Stars | Description |
|---|---|---|---|
| github | 2023-05-14 03:43:28 UTC | 4 | |
| github | 2022-04-16 22:49:47 UTC | 41 | Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code Execution |
| github | 2022-02-21 11:07:19 UTC | 8 | exiftool exploit |
| github | 2022-01-30 03:11:56 UTC | 2 | A complete PoC for CVE-2021-22204 exiftool RCE |
| github | 2021-12-29 13:41:35 UTC | 3 | |
| github | 2021-11-04 14:31:02 UTC | 2 | Modification of gitlab exploit anything under 13.10 |
| github | 2021-08-02 18:56:16 UTC | 27 | |
| github | 2021-08-02 09:11:27 UTC | 3 | |
| github | 2021-05-21 00:14:52 UTC | 8 | POC for exiftool vuln (CVE-2021-22204). |
| github | 2021-05-12 08:51:44 UTC | 11 | exiftool arbitrary code execution vulnerability |
| github | 2021-05-11 18:45:07 UTC | 93 | Python exploit for the CVE-2021-22204 vulnerability in Exiftool |
Timeline
- CVE ID Reserved
- CVE Published to Public
- Added to KEVIntel
- Detected by Metasploit