CVE-2021-22204

CVE Published: 2021-04-23
Related CWE(s): CWE-94: Improper Control of Generation of Code ('Code Injection')
Related Vendor(s): fedoraproject, exiftool_project, debian
Related Product(s): exiftool, fedora, debian_linux
Exploitation Reported (CISA KEV): 2021-11-17
CVSS 3 Base Score: 6.8 (MEDIUM)
CVSS 3 Attack Complexity: LOW
CVSS 3 Attack Vector: LOCAL

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing a malicious image.
