CVE-2021-22204

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-22204
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22204.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-22204
Downstream
Related
Published
2021-04-23T18:15:08.127Z
Modified
2026-03-15T21:45:12.543136Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

References

Affected packages

Git / github.com/exiftool/exiftool

Affected ranges

Type
GIT
Repo
https://github.com/exiftool/exiftool
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
cf0f4e7dcd024ca99615bfd1102a841a25dde031
Type
GIT
Repo
https://github.com/exiftool/exiftool
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
cf0f4e7dcd024ca99615bfd1102a841a25dde031

Affected versions

10.*
10.00
10.01
10.02
10.03
10.04
10.05
10.06
10.07
10.08
10.09
10.10
10.11
10.12
10.13
10.14
10.15
10.16
10.17
10.18
10.19
10.20
10.21
10.22
10.23
10.24
10.25
10.26
10.27
10.28
10.29
10.30
10.31
10.32
10.33
10.34
10.35
10.36
10.37
10.38
10.39
10.40
10.41
10.42
10.43
10.44
10.45
10.46
10.47
10.48
10.49
10.50
10.51
10.52
10.53
10.54
10.55
10.56
10.57
10.58
10.59
10.60
10.61
10.62
10.63
10.64
10.65
10.66
10.67
10.68
10.69
10.71
10.72
10.73
10.74
10.75
10.76
10.77
10.78
10.79
10.81
10.82
10.83
10.84
10.85
10.86
10.87
10.88
10.89
10.90
10.91
10.92
10.93
10.94
10.95
10.96
10.97
10.98
10.99
11.*
11.00
11.01
11.02
11.03
11.04
11.05
11.06
11.07
11.08
11.09
11.10
11.11
11.12
11.13
11.14
11.15
11.16
11.17
11.18
11.19
11.20
11.21
11.22
11.23
11.24
11.25
11.26
11.27
11.28
11.29
11.30
11.31
11.32
11.33
11.34
11.35
11.36
11.37
11.38
11.39
11.40
11.41
11.42
11.43
11.44
11.45
11.46
11.47
11.48
11.49
11.50
11.51
11.52
11.53
11.54
11.55
11.56
11.57
11.58
11.59
11.60
11.61
11.62
11.63
11.64
11.65
11.66
11.67
11.68
11.69
11.70
11.71
11.72
11.73
11.74
11.75
11.76
11.77
11.78
11.79
11.80
11.81
11.82
11.83
11.84
11.85
11.86
11.87
11.88
11.89
11.90
11.91
11.92
11.93
11.94
11.95
11.96
11.97
11.98
11.99
12.*
12.00
12.01
12.02
12.03
12.04
12.05
12.06
12.07
12.08
12.09
12.10
12.11
12.12
12.13
12.14
12.15
12.16
12.17
12.18
12.19
12.20
12.21
12.22
12.23
9.*
9.71
9.72
9.73
9.74
9.75
9.76
9.77
9.78
9.79
9.80
9.81
9.82
9.83
9.84
9.85
9.86
9.87
9.88
9.89
9.90
9.91
9.92
9.93
9.94
9.95
9.96
9.97
9.98
9.99

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22204.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "7.44"
            },
            {
                "fixed": "12.24"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "10.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    }
]