This bug was fixed in the package libimage-exiftool-perl - 12.16+dfsg-2
---------------
libimage-exiftool-perl (12.16+dfsg-2) unstable; urgency=medium
* Add patch CVE-2021-22204.patch, taken from upstream release 12.24.
The patch fixes CVE-2021-22204: Improper neutralization of user data in
the DjVu file format in ExifTool versions 7.44 and up allows arbitrary
code execution when parsing the malicious image.
Thanks to William Bowling for the bug report on Launchpad.
(Closes: #987505) (LP: #1925985)
-- gregor herrmann <[email protected]> Sat, 24 Apr 2021 22:40:21 +0200
** Changed in: libimage-exiftool-perl (Ubuntu)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1925985
Title:
CVE-2021-22204
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libimage-exiftool-perl/+bug/1925985/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
