Moved to Github

Dan Fandrich — Mon, 31 Aug 2020 20:29:07 -0000

The libexif project has moved to Github.

libexif-gtk 0.4.0 released

Lutz Müller — Thu, 07 Mar 2013 21:58:10 -0000

The first release in a very long time, this one supports GTK+2 and GTK+3, is supplied with more translations, and fixes a few serious bugs.

libexif project security advisory

Lutz Müller — Thu, 12 Jul 2012 21:20:25 -0000

This is an abbreviated advisory. See http://sourceforge.net/mailarchive/message.php?msg_id=29534027 for more details.

PROBLEM DESCRIPTION

A number of remotely exploitable issues were discovered in libexif and exif, with effects ranging from information leakage to potential remote code execution.

There are no known public exploits of these issues.

AFFECTED VERSIONS

All of the described vulnerabilities affect libexif version 0.6.20, and most affect earlier versions as well.

SOLUTION

Upgrade to version 0.6.21 which is not vulnerable to these issues.

ACKNOWLEDGEMENTS

Mateusz Jurczyk of Google Security Team reported the issues CVE-2012-2812, CVE-2012-2813 and CVE-2012-2814. Yunho Kim reported the issues CVE-2012-2836 and CVE-2012-2837. Dan Fandrich discovered the issues CVE-2012-2840, CVE-2012-2841 and CVE-2012-2845.

REFERENCES

http://libexif.sf.net

libexif and exif 0.6.21 released

Lutz Müller — Thu, 12 Jul 2012 21:16:49 -0000

This is a security release that fixes a number of security and stability issues due to buffer overflows, bad pointer dereferences and division-by-zero. It also includes many updated translations and translations for two new locales: en_AU and uk.

libexif and exif 0.6.20 released

Lutz Müller — Thu, 16 Dec 2010 07:42:09 -0000

This release adds more flexibility to the existing exif options and fixes a crash when given bad command-line input. A few libexif bugs are squashed and rational values are now shown with appropriate precision. New translations are added for the bs, ro, & tr locales.

libexif project security advisory

Lutz Müller — Fri, 13 Nov 2009 07:36:22 -0000

PROBLEM DESCRIPTION

A flaw in libexif was discovered that causes a heap buffer to overflow when certain invalid EXIF images are processed. The flaw occurs in the tag fixup routine which attempts to convert in place an array of 8-bit integers into 16-bit integers. This fixup is performed by default after reading an image and until version 0.6.18 there was no easy way to disable it, so it is likely that nearly all applications using libexif to read images are vulnerable.

AFFECTED VERSIONS

Only libexif version 0.6.18 is affected by this flaw. Version 0.6.17 and previous and 0.6.19 and later are not affected.

SOLUTION

Upgrade to version 0.6.19.

REFERENCES

http://libexif.sf.net

libexif and exif 0.6.19 released

Lutz Müller — Fri, 13 Nov 2009 07:06:00 -0000

This release fixes a security vulnerability found in libexif 0.6.18, plus manages to squeeze in a substantial performance improvement. Also included are new translations for be, en_GB, it, ja, pt, sq and zh_CN locales.

libexif and exif 0.6.18 released

Lutz Müller — Sat, 10 Oct 2009 08:34:49 -0000

This release's highlights include greatly expanded API documentation and sample programs, improved support for Pentax, Casio and Epson MakerNotes, increased stability in the face of corrupted JPEG files, and proper output alignment in UTF-8 locales. EXIF tag fixup is now more eager in the default case, which means that more mandatory tags are added when needed and others automatically corrected to be of the proper data types. New translations for da, is, it, lv, pt_BR and sr locales are also included.

Read more in the NEWS file included in each release archive.

libexif - new design

Lutz Müller — Mon, 11 Feb 2002 10:17:15 -0000

Hi everybody!

If you are looking for an EXIF library that is well-designed, written in C, supports loading, editing (!) and saving (!), and supports internationalization by design, libexif is what you are looking for.

I still need help regarding manufacturer-specific tags. I imagine this library to be used in various programs (both with GUI and command-line tools), thus reducing the need for reinventing the wheel. If you already have an EXIF implementation, please look into contributing to this library and using it instead of your own implementation.

Have fun!

Lutz

AOLserver loadable module

Lutz Müller — Wed, 25 Oct 2000 00:13:00 -0000

There is now code for an AOLserver loadable module in the 'aolserver' directory.

Recent posts to news

Moved to Github

libexif-gtk 0.4.0 released

libexif project security advisory

libexif and exif 0.6.21 released

libexif and exif 0.6.20 released

libexif project security advisory

libexif and exif 0.6.19 released

libexif and exif 0.6.18 released

libexif - new design

AOLserver loadable module