Share
## https://sploitus.com/exploit?id=4649A383-45FE-59D2-B6F4-B26A9B483D22
# CVE-2021-22204

## Summary of the CVE

Improper sanitization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image.

## Affected Versions

- Version 7.44 - 12.23

## Anomalies

- Dependencies: djvulibre-bin exiftool
- Calls these three commands: [bzz, dvjumake, exiftool]

## References

- [Github POC - Gustavo Dutra, May 11 2021](https://github.com/convisolabs/CVE-2021-22204-exiftool)
- [A case study on: CVE-2021-22204 Exiftool RCE - Gustavo Dutra, May 19 2021](https://blog.convisoappsec.com/en/a-case-study-on-cve-2021-22204-exiftool-rce/)
- [CVE-details - CVSS Score 6.8](https://www.cvedetails.com/cve/CVE-2021-22204/)