← Back to team overview

pkg-perl-maintainers team mailing list archive

  1. pkg-perl-maintainers team
  2. Mailing list archive
  3. Message #04167

[Bug 1925985] [NEW] CVE-2021-22204

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Improper neutralization of user data in the DjVu file format in ExifTool
versions 7.44 and up allows arbitrary code execution when parsing the
malicious image


Upstream patch: https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22204

** Affects: libimage-exiftool-perl (Ubuntu)
     Importance: Undecided
         Status: New

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-22204

-- 
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to libimage-exiftool-perl in Ubuntu.
https://bugs.launchpad.net/bugs/1925985

Title:
  CVE-2021-22204

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libimage-exiftool-perl/+bug/1925985/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next