## https://sploitus.com/exploit?id=4649A383-45FE-59D2-B6F4-B26A9B483D22
# CVE-2021-22204
## Summary of the CVE
Improper sanitization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image.
## Affected Versions
- Version 7.44 - 12.23
## Anomalies
- Dependencies: djvulibre-bin exiftool
- Calls these three commands: [bzz, dvjumake, exiftool]
## References
- [Github POC - Gustavo Dutra, May 11 2021](https://github.com/convisolabs/CVE-2021-22204-exiftool)
- [A case study on: CVE-2021-22204 Exiftool RCE - Gustavo Dutra, May 19 2021](https://blog.convisoappsec.com/en/a-case-study-on-cve-2021-22204-exiftool-rce/)
- [CVE-details - CVSS Score 6.8](https://www.cvedetails.com/cve/CVE-2021-22204/)