[CVE-2021-22204] ExifTool - Arbitrary code execution in the DjVu module when parsing a malicious image

Related Vulnerabilities: CVE-2021-22204  

            ExifTool 7.44 to 12.23 has a bug in the DjVu module which allows for
arbitrary code execution when parsing malicious images. The bug can be
triggered from a wide variety of valid file formats.

The bug has been fixed in version 12.24.


Fixed release - https://exiftool.org/history.html#v12.24
Upstream patch -
CVE - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22204


GPG Key ID: 0x980F711A

GPG Key Fingerprint: AA38 2A0E 7D22 18A9 6086  0289 41DC E04B 980F 711A