* SECURITY UPDATE: Arbitrary code execution
- debian/patches/CVE-2021-22204.patch: Improper neutralization of user
data in the DjVu file format in ExifTool versions 7.44 and up allows
arbitrary code execution when parsing the malicious image. (LP: #1925985)
Thanks to William Bowling for the bug report on Launchpad.
Thanks to Gregor Herrmann for backporting the patch.
From debian release 12.16+dfsg-2.
- CVE-2021-22204
-- hugo buddelmeijer <email address hidden> Wed, 09 Jun 2021 20:39:41 +0200
This bug was fixed in the package libimage- exiftool- perl - 12.16+dfsg- 1ubuntu0. 1
--------------- exiftool- perl (12.16+ dfsg-1ubuntu0. 1) hirsute-security; urgency=medium
libimage-
* SECURITY UPDATE: Arbitrary code execution patches/ CVE-2021- 22204.patch: Improper neutralization of user
- debian/
data in the DjVu file format in ExifTool versions 7.44 and up allows
arbitrary code execution when parsing the malicious image. (LP: #1925985)
Thanks to William Bowling for the bug report on Launchpad.
Thanks to Gregor Herrmann for backporting the patch.
From debian release 12.16+dfsg-2.
- CVE-2021-22204
-- hugo buddelmeijer <email address hidden> Wed, 09 Jun 2021 20:39:41 +0200