CVE-2021-22204
Bug #1925985 reported by William Bowling
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libimage-exiftool-perl (Debian) | Fix Released | Unknown | |
libimage-exiftool-perl (Ubuntu) | Fix Released | High | Unassigned |
Bionic | Fix Released | High | Paulo Flabiano Smorigo |
Focal | Fix Released | High | Paulo Flabiano Smorigo |
Groovy | Fix Released | High | Paulo Flabiano Smorigo |
Hirsute | Fix Released | High | Paulo Flabiano Smorigo |

Bug Description
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
https:/
CVE References
Changed in libimage-exiftool-perl (Ubuntu):
assignee: nobody → gregor herrmann (gregoa)
status: New → Confirmed
assignee: gregor herrmann (gregoa) → nobody

Changed in libimage-exiftool-perl (Debian):
status: Unknown → Fix Released

Changed in libimage-exiftool-perl (Ubuntu):
importance: Undecided → Medium
information type: Public → Public Security

Changed in libimage-exiftool-perl (Ubuntu):
status: Fix Released → In Progress

Changed in libimage-exiftool-perl (Ubuntu Bionic):
assignee: nobody → Paulo Flabiano Smorigo (pfsmorigo)

Changed in libimage-exiftool-perl (Ubuntu Hirsute):
assignee: nobody → Paulo Flabiano Smorigo (pfsmorigo)

Changed in libimage-exiftool-perl (Ubuntu Focal):
assignee: nobody → Paulo Flabiano Smorigo (pfsmorigo)

Changed in libimage-exiftool-perl (Ubuntu Groovy):
assignee: nobody → Paulo Flabiano Smorigo (pfsmorigo)

Changed in libimage-exiftool-perl (Ubuntu):
status: In Progress → Fix Released
importance: Medium → High

Changed in libimage-exiftool-perl (Ubuntu Bionic):
importance: Undecided → High

Changed in libimage-exiftool-perl (Ubuntu Focal):
importance: Undecided → High

Changed in libimage-exiftool-perl (Ubuntu Groovy):
importance: Undecided → High

Changed in libimage-exiftool-perl (Ubuntu Hirsute):
importance: Undecided → High

This bug was fixed in the package libimage-exiftool-perl - 12.16+dfsg-2

---------------
libimage-exiftool-perl (12.16+dfsg-2) unstable; urgency=medium

  * Add patch CVE-2021-22204.patch, taken from upstream release 12.24.
    The patch fixes CVE-2021-22204: Improper neutralization of user data in
    the DjVu file format in ExifTool versions 7.44 and up allows arbitrary
    code execution when parsing the malicious image.
    Thanks to William Bowling for the bug report on Launchpad.
    (Closes: #987505) (LP: #1925985)

 -- gregor herrmann <email address hidden> Sat, 24 Apr 2021 22:40:21 +0200