Bug#987505: CVE-2021-22204: Improper neutralization of directives in dynamically evaluated code ('eval injection')

gregor herrmann gregoa at debian.org
Sat Apr 24 21:24:43 BST 2021


Package: libimage-exiftool-perl
Version: 7.89-1
Severity: serious
Tags: security upstream patch fixed-upstream
X-Debbugs-Cc: Debian Security Team <team at security.debian.org>


https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22204

"Improper neutralization of user data in the DjVu file format in
ExifTool versions 7.44 and up allows arbitrary code execution when
parsing the malicious image"

Fixed upstream in 12.24:
https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800

Also https://bugs.launchpad.net/bugs/1925985
