Īnyone using ExifTool make sure to update to 12.24+ as CVE-2021-22204 can be triggered with a perfectly valid image (jpg, tiff, mp4 and many more) leading to arbitrary code execution! /VDoybw07f5- William Bowling April 24, 2021 The author recently wrote a detailed write-up about the process and you can find this material in the reference links. This article was made to show our study process of the CVE to make a reliable exploit for it. We choose this CVE to our study because it was found in a high impact program, and by the date that we began the process there was no public exploit available. You can listen to the audio version of this blogspot:Įxiftool is a tool and library made in Perl that extracts metadata from almost any type of file. This vulnerability was found in the Gitlab bug bounty program, where they use this tool as dependency for their product. Recently, the researcher wcbowling found a vulnerability in the Exiftool tool, that enabled a malicious actor to perform a Remote code Execution attack.
0 kommentar(er)
