Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 up to 12.23 allows arbitrary code execution when parsing a malicious image.
https://hackerone.com/reports/1154542
https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800