hngopher.com

       [HN Gopher] Arbitrary code execution found in ExifTool. Make sur...
       ___________________________________________________________________
        
       Arbitrary code execution found in ExifTool. Make sure to update to
       12.24
        
       Author : based2
       Score  : 25 points
       Date   : 2021-05-02 18:29 UTC (4 hours ago)
        
 (HTM) web link (www.reddit.com)
 (TXT) w3m dump (www.reddit.com)
        
       | mdaniel wrote:
       | Fun fact, that was the source of a recent GitLab hotfix:
       | https://gitlab.com/gitlab-org/gitlab/-/compare/v13.10.2-ee.....
       | 
       | I was joking with my colleague that "I wonder if they had `system
       | "exiftool #{input_image_fn}"`" but it turned out I wasn't
       | terribly far off
        
       | mistrial9 wrote:
       | recently I spent a month looking through the Debian EXIF tool
       | source code along with a substantial set of pics from several
       | real people who travel .. after a "gasp" (or three), I realized
       | that "photographic evidence with time stamp, GPS and hardware ID
       | is a spies' playground" .. it actually is..
       | 
       | ps- keep up with your patches
        
       ___________________________________________________________________
       (page generated 2021-05-02 23:02 UTC)