ExifTool CVE-2021-22204 – Arbitrary Code Execution (2021)

The author begins by describing a bug bounty program that uses ExifTool to strip tags from uploaded images. They had used ExifTool before but did not know what language it was written in until they discovered that it was Perl. They decided to investigate the source code for possible vulnerabilities and found that the ParseAnt method in the DjVu module contained an eval block that could potentially be exploited. They describe the code and its purpose in detail, highlighting the use of regex and the escaping of special characters. The author then explains how they tested the vulnerability and achieved code execution by modifying the metadata of a DjVu image. They mention their excitement at the discovery and their desire to find a way to trigger the bug with a more common image format. They explore other modules and discover a potential avenue for exploitation in the Exif module. The author concludes by mentioning their research into the TIFF format and the information they gathered from running ExifTool on a sample TIFF file.

https://devcraft.io/2021/05/04/exiftool-arbitrary-code-execution-cve-2021-22204.html
