Text only | Text with Images

photools.com Community

IMatch Discussion Boards => General Discussion and Questions => Topic started by: jonz on May 03, 2021, 01:38:09 AM

Title: EXIF Tool problem?
Post by: jonz on May 03, 2021, 01:38:09 AM
Is this a problem for us?

https://www.reddit.com/r/hacking/comments/n0k9r4/arbitrary_code_execution_found_in_exiftool_make/
Title: Re: EXIF Tool problem?
Post by: lbo on May 03, 2021, 10:13:21 AM
Quote from: jonz on May 03, 2021, 01:38:09 AM
Is this a problem for us?

only if you process malicious images, i.e. from external sources, with ExifTol / IMatch.

Updating to version ExifTool-12.24 fixes the vulnerability.
Title: Re: EXIF Tool problem?
Post by: Mario on May 03, 2021, 02:24:15 PM
I would also guess that the risk is low, unless you download images from shady web sites where somebody may have uploaded images which target explicitly this vulnerably in ExifTool (or the PERL runtime).
I have not tested it yet (the IMatch 2020 code base rests currently), but usually there are no issues when migrating to a slightly higher ExifTool version.
I currently use the 12.23 with IMatch 2021 Alpha.
Title: Re: EXIF Tool problem?
Post by: jonz on May 03, 2021, 03:13:36 PM
I think I'll wait until IMatch gets updated since I deal almost exclusively with my own photos. Thank you both...
Text only | Text with Images