CVE-2021-22204 MEDIUM

Vendor Exiftool
Product ExifTool
KEV Status Known Exploited
Published April 23, 2021
Last update October 21, 2025

CVSS base score

6.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image.

CISA mandated remediation

02 CISA Required Action

Apply updates per vendor instructions.

Key dates

03 Disclosure timeline

April 23, 2021 CVE published
October 21, 2025 Record updated