# N/A
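## Overview
Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing a malicious image.
## Affected versions
- ExifTool 7.44 and later
## Details
When ExifTool processes the DjVu file format, user-supplied data is not sufficiently neutralized. This flaw lets an attacker execute arbitrary code by crafting a malicious DjVu image file.
## Impact
An attacker can exploit this vulnerability to execute malicious code on the victim's system, leading to potential security threats including loss of control of the system and disclosure of sensitive information.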
| # | PoC description | Source link | Shenlong link |
|---|---|---|---|
| 1 | Python exploit for the CVE-2021-22204 vulnerability in Exiftool | https://github.com/convisolabs/CVE-2021-22204-exiftool | PoC details |
| 2 | exiftool arbitrary code execution vulnerability | https://github.com/se162xg/CVE-2021-22204 | PoC details |
| 3 | POC for exiftool vuln (CVE-2021-22204). | https://github.com/bilkoh/POC-CVE-2021-22204 | PoC details |
| 4 | None | https://github.com/PenTestical/CVE-2021-22204 | PoC details |
| 5 | None | https://github.com/AssassinUKG/CVE-2021-22204 | PoC details |
| 6 | Modification of gitlab exploit anything under 13.10 | https://github.com/ph-arm/CVE-2021-22204-Gitlab | PoC details |
| 7 | reverse shell execution exploit of CVE 22204 | https://github.com/Asaad27/CVE-2021-22204-RSE | PoC details |
| 8 | None | https://github.com/trganda/CVE-2021-22204 | PoC details |
| 9 | A complete PoC for CVE-2021-22204 exiftool RCE | https://github.com/0xBruno/CVE-2021-22204 | PoC details |
| 10 | exiftool exploit | https://github.com/mr-tuhin/CVE-2021-22204-exiftool | PoC details |
| 11 | Exploit for CVE-2021-22204 (ExifTool) - Arbitrary Code Execution | https://github.com/UNICORDev/exploit-CVE-2021-22204 | PoC details |
| 12 | None | https://github.com/Akash7350/CVE-2021-22204 | PoC details |
| 13 | Challenge based on CVE-2021-22204 where users send a malicious file to a web application to gain RCE | https://github.com/battleofthebots/dejavu | PoC details |
| 14 | CVE-2021-22204 exploit script | https://github.com/cc3305/CVE-2021-22204 | PoC details |
| 15 | None | https://github.com/sameep0/CVE-2021-22204 | PoC details |
| 16 | CVE-2021-22204 exiftool rce | https://github.com/Roronoawjd/CVE-2021-22204 | PoC details |