Unrated severity · CISA KEV · NVD Advisory · Published Apr 23, 2021 · Updated Oct 21, 2025
CVE-2021-22204
Description
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing a malicious image.
Affected products (5)
- osv-coords (3 versions)
  - pkg:rpm/opensuse/perl-Image-ExifTool&distro=openSUSE%20Leap%2015.2
  - pkg:rpm/suse/perl-Image-ExifTool&distro=SUSE%20Package%20Hub%2015%20SP1
  - pkg:rpm/suse/perl-Image-ExifTool&distro=SUSE%20Package%20Hub%2015%20SP2
  - range: < 12.25-bp152.4.3.1 (+ 2 more)
- (no CPE) range: < 12.25-bp152.4.3.1
- (no CPE) range: < 12.25-bp152.4.3.1
- (no CPE) range: < 12.25-bp152.4.3.1
References (14)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/ (mitre, vendor-advisory, x_refsource_FEDORA)
- www.debian.org/security/2021/dsa-4910 (mitre, vendor-advisory, x_refsource_DEBIAN)
- packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html (mitre, x_refsource_MISC)
- packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html (mitre, x_refsource_MISC)
- packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html (mitre, x_refsource_MISC)
- packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html (mitre, x_refsource_MISC)
- www.openwall.com/lists/oss-security/2021/05/09/1 (mitre, mailing-list, x_refsource_MLIST)
- www.openwall.com/lists/oss-security/2021/05/10/5 (mitre, mailing-list, x_refsource_MLIST)
- github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031 (mitre, x_refsource_MISC)
- gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json (mitre, x_refsource_CONFIRM)
- hackerone.com/reports/1154542 (mitre, x_refsource_MISC)
- lists.debian.org/debian-lts-announce/2021/05/msg00018.html (mitre, mailing-list, x_refsource_MLIST)
News mentions (1)
- How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102), Securelist · May 20, 2026