CVE-2021-22204

HighKnown Exploited

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing…

GitLab·CWE-94·Published 2021-04-23

CVSS

7.8

EPSS

1.00

KEV

Yes

Exploits

cve.orgen

158 chars

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

NVDen

158 chars

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

Una neutralización inapropiada de los datos del usuario en el formato de archivo DjVu en ExifTool versiones 7.44 y posteriores, permite una ejecución de código arbitrario cuando se analiza la imagen maliciosa

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	6.8	—	—	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
3.1	Primary	cve.org	6.8	—	—	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
3.1	Secondary	NVD	6.8	2.5	3.7	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L