CVE-2021-22204: Exiftool RCE Vulnerability via DjVu Files

The "exiftool exploit" refers to a category of critical vulnerabilities within ExifTool, a popular Perl library used to read and write file metadata, that allow attackers to execute arbitrary code on a system. Because ExifTool is used by many web applications, including GitLab, to process uploaded images, these exploits have been used to gain unauthenticated remote access to high-value servers.

Core Vulnerabilities and Exploitation

While several flaws have been found, two primary exploits have historically dominated security discussions:

1. CVE-2021-22204: The DjVu Metadata Exploit

ExifTool used a Perl eval function to process C escape sequences within DjVu metadata. A flaw in the regular expression used to find closing quotes allowed an attacker to "break out" of the string and execute their own Perl code.

An attacker can wrap a malicious DjVu payload inside a file that looks like a standard JPEG or TIFF. Many applications (like GitLab) check only the file extension before passing the file to ExifTool. Since ExifTool determines the file type from the actual content, it would trigger the vulnerable DjVu parser even if the file was named image.jpg.

2. A secondary exploit exists in versions prior to 12.38 due to improper handling of filenames.
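The file-type mismatch described above (an application trusts the extension, ExifTool trusts the content) is something a defender can check for before an upload ever reaches ExifTool. The following is an added example, not code from the page or from ExifTool or GitLab: it classifies an upload by its leading bytes, the way ExifTool does, and rejects any file whose content type disagrees with its extension. The function names, the signature table and the sample byte strings are this example's own; the magic-byte values are the standard ones for each container (DjVu files begin with the IFF header AT&TFORM followed by a chunk length and a form type such as DJVU or DJVM).

```python
"""
Added example (not from the original page): reject uploads whose on-disk
content does not match the declared extension, before the file reaches
ExifTool. Function names, signature table and sample bytes are constructed
for this example.
"""
import os
from typing import Tuple

# Magic-byte signatures of the image containers a typical upload endpoint
# expects. DjVu is handled separately below because its form type sits after
# a 4-byte chunk length rather than at the very start of the file.
SIGNATURES = {
    "jpeg": [b"\xff\xd8\xff"],
    "png":  [b"\x89PNG\r\n\x1a\n"],
    "gif":  [b"GIF87a", b"GIF89a"],
    "tiff": [b"II*\x00", b"MM\x00*"],
}

# Which content type each allowed extension legitimately corresponds to.
# DjVu is deliberately absent: this endpoint never accepts it, whatever
# the filename says.
EXTENSION_TYPES = {
    ".jpg": "jpeg", ".jpeg": "jpeg",
    ".png": "png",
    ".gif": "gif",
    ".tif": "tiff", ".tiff": "tiff",
}


def classify_by_magic(data: bytes) -> str:
    """Return the content type implied by the leading bytes, ignoring the
    filename entirely (this mirrors how ExifTool picks its parser)."""
    # DjVu IFF container: "AT&T" + "FORM" + 4-byte length + form type.
    if (data.startswith(b"AT&TFORM") and len(data) >= 16
            and data[12:16] in (b"DJVU", b"DJVM", b"DJVI")):
        return "djvu"
    for kind, magics in SIGNATURES.items():
        if any(data.startswith(m) for m in magics):
            return kind
    return "unknown"


def check_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Accept the upload only when the content type matches what the
    extension claims. A mismatch (image.jpg that is really a DjVu container)
    is exactly the case that routes attacker data into the DjVu parser."""
    ext = os.path.splitext(filename)[1].lower()
    expected = EXTENSION_TYPES.get(ext)
    if expected is None:
        return False, f"extension {ext!r} not allowed"
    actual = classify_by_magic(data)
    if actual != expected:
        return False, f"content is {actual}, but extension claims {expected}"
    return True, "ok"


# Constructed sample inputs (not real files): a minimal JPEG/JFIF header, and
# a DjVu container header that an attacker might rename to image.jpg.
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 16
SAMPLE_DJVU_AS_JPG = b"AT&TFORM" + b"\x00\x00\x00\x20" + b"DJVU" + b"\x00" * 32

if __name__ == "__main__":
    for name, blob in [("photo.jpg", SAMPLE_JPEG),
                       ("image.jpg", SAMPLE_DJVU_AS_JPG),
                       ("scan.djvu", SAMPLE_DJVU_AS_JPG)]:
        ok, reason = check_upload(name, blob)
        print(f"{name}: {'accept' if ok else 'reject'} ({reason})")
```

The check is an extra layer at the application boundary, not a substitute for running a fixed ExifTool: it stops the extension-only trust the page describes, so a renamed DjVu file is rejected before any metadata parser sees it, and the rejection reason gives the upload handler something concrete to log for detection.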