cve/2021/CVE-2021-22204.md

CVE-2021-22204

Description

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image

POC

Reference

• http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html
• http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html
• http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html
• http://www.openwall.com/lists/oss-security/2021/05/10/5

Github

• https://github.com/0xBruno/CVE-2021-22204
• https://github.com/0xStrygwyr/OSCP-Guide
• https://github.com/0xZipp0/OSCP
• https://github.com/0xsyr0/OSCP
• https://github.com/ARPSyndicate/cvemon
• https://github.com/Akash7350/CVE-2021-22204
• https://github.com/Al1ex/CVE-2021-22205
• https://github.com/Asaad27/CVE-2021-22204-RSE
• https://github.com/AssassinUKG/CVE-2021-22204
• https://github.com/BLACKHAT-SSG/MindMaps2
• https://github.com/CsEnox/Gitlab-Exiftool-RCE
• https://github.com/DarkFunct/CVE_Exploits
• https://github.com/EdgeSecurityTeam/Vulnerability
• https://github.com/Konstantinos-Papanagnou/CMSpit
• https://github.com/LazyTitan33/ExifTool-DjVu-exploit
• https://github.com/Lazykakarot1/Learn-365
• https://github.com/Ly0nt4r/OSCP
• https://github.com/NaInSec/CVE-PoC-in-GitHub
• https://github.com/Ostorlab/KEV
• https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
• https://github.com/PenTestical/CVE-2021-22204
• https://github.com/PolGs/htb-meta
• https://github.com/PwnAwan/MindMaps2
• https://github.com/SYRTI/POC_to_review
• https://github.com/SexyBeast233/SecBooks
• https://github.com/SirElmard/ethical_hacking
• https://github.com/Sm4rty-1/awesome-blogs
• https://github.com/UNICORDev/exploit-CVE-2021-22204
• https://github.com/WhooAmii/POC_to_review
• https://github.com/al4xs/CVE-2021-22205-gitlab
• https://github.com/anquanscan/sec-tools
• https://github.com/battleofthebots/dejavu
• https://github.com/bilkoh/POC-CVE-2021-22204
• https://github.com/binganao/vulns-2022
• https://github.com/carmilea/carmilea
• https://github.com/convisolabs/CVE-2021-22204-exiftool
• https://github.com/devdanqtuan/CVE-2021-22205
• https://github.com/dudek0807/OverflowWriteup
• https://github.com/e-hakson/OSCP
• https://github.com/eljosep/OSCP-Guide
• https://github.com/gkhan496/WDIR
• https://github.com/harsh-bothra/learn365
• https://github.com/hongson97/ctf-challenges
• https://github.com/htrgouvea/research
• https://github.com/k0mi-tg/CVE-POC
• https://github.com/kgwanjala/oscp-cheatsheet
• https://github.com/kherrick/hacker-news
• https://github.com/manas3c/CVE-POC
• https://github.com/mr-r3bot/Gitlab-CVE-2021-22205
• https://github.com/mr-tuhin/CVE-2021-22204-exiftool
• https://github.com/nitishbadole/oscp-note-3
• https://github.com/nomi-sec/PoC-in-GitHub
• https://github.com/oneoy/Gitlab-Exiftool-RCE
• https://github.com/oscpname/OSCP_cheat
• https://github.com/ph-arm/CVE-2021-22204-Gitlab
• https://github.com/pizza-power/Golang-CVE-2021-22205-POC
• https://github.com/revanmalang/OSCP
• https://github.com/runsel/GitLab-CVE-2021-22205-
• https://github.com/se162xg/CVE-2021-22204
• https://github.com/soosmile/POC
• https://github.com/star-sg/CVE
• https://github.com/szTheory/exifcleaner
• https://github.com/trganda/CVE-2021-22204
• https://github.com/trganda/starrlist
• https://github.com/trhacknon/CVE2
• https://github.com/trhacknon/Pocingit
• https://github.com/txuswashere/OSCP
• https://github.com/tzwlhack/Vulnerability
• https://github.com/whoforget/CVE-POC
• https://github.com/x00tex/hackTheBox
• https://github.com/xhref/OSCP
• https://github.com/youwizard/CVE-POC
• https://github.com/zecool/cve