
Test ID: 1.3.6.1.4.1.25623.1.0.853803
Category: SuSE Local Security Checks
Title: openSUSE: Security Advisory for perl-Image-ExifTool (openSUSE-SU-2021:0707-1)
Summary: The remote host is missing an update for the 'perl-Image-ExifTool' package(s) announced via the openSUSE-SU-2021:0707-1 advisory.
Description:

Vulnerability Insight:
This update for perl-Image-ExifTool fixes the following issues:

Update to version 12.25 fixes (boo#1185547 CVE-2021-22204)

* JPEG XL support is now official

* Added read support for Medical Research Council (MRC) image files

* Added ability to write a number of 3gp tags in video files

* Added a new Sony PictureProfile value (thanks Jos Roost)

* Added a new Sony LensType (thanks LibRaw)

* Added a new Nikon LensID (thanks Niels Kristian Bech Jensen)

* Added a new Canon LensType

* Decode more GPS information from Blackvue dashcam videos

* Decode a couple of new NikonSettings tags (thanks Warren Hatch)

* Decode a few new RIFF tags

* Improved Validate option to add minor warning if standard XMP is missing
xpacket wrapper

* Avoid decoding some large arrays in DNG images to improve performance
unless the -m option is used

* Patched bug that could give runtime warning when trying to write an
empty XMP structure

* Fixed decoding of ImageWidth/Height for JPEG XL images

* Fixed problem where Microsoft Xtra tags couldn't be deleted

version 12.24:

* Added a new PhaseOne RawFormat value (thanks LibRaw)

* Decode a new Sony tag (thanks Jos Roost)

* Decode a few new Panasonic and FujiFilm tags (thanks LibRaw and
Greybeard)

* Patched security vulnerability in DjVu reader

* Updated acdsee.config in distribution (thanks StarGeek)

* Recognize AutoCAD DXF files

* More work on experimental JUMBF read support

* More work on experimental JPEG XL read/write support

version 12.23:

* Added support for Olympus ORI files

* Added experimental read/write support for JPEG XL images

* Added experimental read support for JUMBF metadata in JPEG and Jpeg2000
images

* Added built-in support for parsing GPS track from Denver ACG-8050 videos
with the -ee option

* Added some new Sony lenses (thanks Jos Roost and LibRaw)

* Changed priority of Samsung trailer tags so the first DepthMapImage
takes precedence when -a is not used

* Improved identification of M4A audio files

* Patched to avoid escaping ', ' in 'Binary data' message when
-struct is used

* Removed Unknown flag from MXF VideoCodingSchemeID tag

* Fixed -forcewrite=EXIF to apply to EXIF in binary header of EPS files

* API Changes:
+ Added BlockExtract option

version 12.22:

* Added a few new Sony LensTypes and a new SonyModelID (thanks Jos Roost
and LibRaw)

* Added Extr ...

Description truncated. Please see the references for more information.

Affected Software/OS:
'perl-Image-ExifTool' package(s) on openSUSE Leap 15.2.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-22204
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22204.json
Debian Security Information: DSA-4910
https://www.debian.org/security/2021/dsa-4910
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/F6UOBPU3LSHAPRRJNISNVXZ5DSUIALLV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4RF6PJCJ6NQOVJJJF6HN6BORUQVIXY6/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDKDLJLBTBBR66OOPXSXCG2PQRM5KCZL/
http://packetstormsecurity.com/files/162558/ExifTool-DjVu-ANT-Perl-Injection.html
http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html
http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html
http://packetstormsecurity.com/files/167038/ExifTool-12.23-Arbitrary-Code-Execution.html
https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800
https://hackerone.com/reports/1154542
https://lists.debian.org/debian-lts-announce/2021/05/msg00018.html
http://www.openwall.com/lists/oss-security/2021/05/09/1
http://www.openwall.com/lists/oss-security/2021/05/10/5
Copyright: Copyright (C) 2021 Greenbone AG
