The first release in a very long time, this one supports GTK+2 and GTK+3, is supplied with more translations, and fixes a few serious bugs.
This is an abbreviated advisory. See http://sourceforge.net/mailarchive/message.php?msg_id=29534027 for more details.
A number of remotely exploitable issues were discovered in libexif and exif, with effects ranging from information leakage to potential remote code execution.
There are no known public exploits of these issues.
All of the described vulnerabilities affect libexif version 0.6.20, and most affect earlier versions as well.... read more
This is a security release that fixes a number of security and stability issues due to buffer overflows, bad pointer dereferences and division-by-zero. It also includes many updated translations and translations for two new locales: en_AU and uk.
This release adds more flexibility to the existing exif options and fixes a crash when given bad command-line input. A few libexif bugs are squashed and rational values are now shown with appropriate precision. New translations are added for the bs, ro, & tr locales.
A flaw in libexif was discovered that causes a heap buffer to overflow when certain invalid EXIF images are processed. The flaw occurs in the tag fixup routine which attempts to convert in place an array of 8-bit integers into 16-bit integers. This fixup is performed by default after reading an image and until version 0.6.18 there was no easy way to disable it, so it is likely that nearly all applications using libexif to read images are vulnerable.... read more
This release fixes a security vulnerability found in libexif 0.6.18, plus manages to squeeze in a substantial performance improvement. Also included are new translations for be, en_GB, it, ja, pt, sq and zh_CN locales.
This release's highlights include greatly expanded API documentation and sample programs, improved support for Pentax, Casio and Epson MakerNotes, increased stability in the face of corrupted JPEG files, and proper output alignment in UTF-8 locales. EXIF tag fixup is now more eager in the default case, which means that more mandatory tags are added when needed and others automatically corrected to be of the proper data types. New translations for da, is, it, lv, pt_BR and sr locales are also included.... read more
If you are looking for an EXIF library that is well-designed, written in C, supports loading, editing (!) and saving (!), and supports internationalization by design, libexif is what you are looking for.
I still need help regarding manufacturer-specific tags. I imagine this library to be used in various programs (both with GUI and command-line tools), thus reducing the need for reinventing the wheel. If you already have an EXIF implementation, please look into contributing to this library and using it instead of your own implementation.... read more
There is now code for an AOLserver loadable module in the 'aolserver' directory.