Vulnerability in ExifTool Allows Remote Code Execution

A vulnerability in ExifTool, software for viewing and modifying metadata in all kinds of files, allows an attacker to run arbitrary code on the system if a malicious image is opened.

The vulnerability, tracked as CVE-2021-22204, is caused by the way ExifTool handles user data in the DjVu file format. An attacker could use a specially crafted, otherwise valid image to run code on the user's system. No further details about the vulnerability have been released. The vulnerability has been fixed in ExifTool version 12.24 and newer.

Security researcher William Bowling, who discovered the vulnerability, published a demonstration of an attack against a vulnerable version. ExifTool is available as a cross-platform Perl library and as a standalone application for macOS and Windows.
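The only concrete remediation fact the article gives is the fixed version, so the practical check is an inventory of installed ExifTool versions against 12.24. The script below is an added example written for this page, not code from ExifTool or from the researcher. It assumes that ExifTool version numbers compare as plain decimal numbers (the Perl `$VERSION` convention, so 12.23 < 12.24 < 12.30), that a standalone binary, if present, answers `exiftool -ver` with just its version, and the per-host sample outputs are constructed.

```python
"""Version check for CVE-2021-22204 in ExifTool (fixed in 12.24 and newer)."""
from decimal import Decimal, InvalidOperation
from typing import Optional
import shutil
import subprocess

# From the advisory: the DjVu handling bug is fixed in ExifTool 12.24 and newer.
FIXED_VERSION = Decimal("12.24")


def parse_exiftool_version(text: str) -> Decimal:
    """Turn the output of `exiftool -ver` (for example "12.23\\n") into a Decimal.

    Assumption (not stated in the article): ExifTool version numbers are plain
    decimal numbers in the style of a Perl $VERSION, so they are compared
    numerically rather than as dotted tuples.
    """
    stripped = text.strip()
    token = stripped.split()[0] if stripped else ""
    try:
        version = Decimal(token)
    except InvalidOperation:
        raise ValueError(f"not an ExifTool version string: {text!r}")
    # Reject NaN/Infinity and negative numbers, which Decimal happily parses.
    if not version.is_finite() or version < 0:
        raise ValueError(f"not an ExifTool version string: {text!r}")
    return version


def classify_exiftool_version(text: str) -> str:
    """Return "vulnerable", "fixed" or "unparseable" for one `-ver` output string."""
    try:
        version = parse_exiftool_version(text)
    except ValueError:
        return "unparseable"
    return "vulnerable" if version < FIXED_VERSION else "fixed"


def installed_exiftool_version() -> Optional[str]:
    """Return the raw `exiftool -ver` output of the binary on PATH, or None if absent."""
    exe = shutil.which("exiftool")
    if exe is None:
        return None
    result = subprocess.run([exe, "-ver"], capture_output=True, text=True)
    return result.stdout if result.returncode == 0 else None


if __name__ == "__main__":
    # Constructed sample outputs standing in for `exiftool -ver` collected from several hosts.
    samples = {
        "build-host": "12.23\n",
        "laptop": "12.30\n",
        "ci-runner": "command not found\n",
    }
    for host, output in samples.items():
        print(f"{host}: {classify_exiftool_version(output)}")
    live = installed_exiftool_version()
    if live is not None:
        print(f"this machine: ExifTool {live.strip()} is {classify_exiftool_version(live)}")
```

The standalone binary is only one way ExifTool ends up on a host; the article notes it also ships as a Perl library, which the `which exiftool` lookup will not see. For that case feed `classify_exiftool_version` the output of `perl -MImage::ExifTool -e 'print $Image::ExifTool::VERSION'` instead.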

