Public bug reported:

Improper neutralization of user data in the DjVu file format in ExifTool
versions 7.44 and up allows arbitrary code execution when parsing a
malicious image.


Upstream patch: 
https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22204

** Affects: libimage-exiftool-perl (Ubuntu)
     Importance: Undecided
         Status: New

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-22204

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1925985

Title:
  CVE-2021-22204

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libimage-exiftool-perl/+bug/1925985/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
