Ubuntu
libimage-exiftool-perl package

  1. Bug #1925985
  2. Comment #11

Comment 11 for bug 1925985

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libimage-exiftool-perl - 10.80-1ubuntu0.1

---------------
libimage-exiftool-perl (10.80-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Arbitrary code execution
    - debian/patches/CVE-2021-22204.patch: Improper neutralization of user
      data in the DjVu file format in ExifTool versions 7.44 and up allows
      arbitrary code execution when parsing the malicious image. (LP: #1925985)
      Thanks to William Bowling for the bug report on Launchpad.
      Thanks to Gregor Herrmann for backporting the patch.
      From debian release 12.16+dfsg-2.
    - CVE-2021-22204

 -- hugo buddelmeijer <email address hidden> Wed, 09 Jun 2021 20:39:41 +0200