Recent Releases

0.6.2314 Sep 2021 09:31 major feature: libexif-0.6.23 (2021-09-12): * Translation updates: es, pl, uk, fr * EXIF_TAG_SENSITIVITY_TYPE decoder added, added some more Exif 2.3 tags: - EXIF_TAG_STANDARD_OUTPUT_SENSITIVITY - EXIF_TAG_RECOMMENDED_EXPOSURE_INDEX - EXIF_TAG_ISO_SPEED - EXIF_TAG_ISO_SPEEDLatitudeYYY - EXIF_TAG_ISO_SPEEDLatitudeZZZ - EXIF_TAG_OFFSET_TIME - EXIF_TAG_OFFSET_TIME_ORIGINAL - EXIF_TAG_OFFSET_TIME_DIGITIZED - EXIF_TAG_IMAGE_DEPTH * be more relaxed to out of order JPG / EXIF dataheaders in files generated by some tools * default GPS IFD table added * Decode more Nikon Makernote tag names * Added Apple iOS Makernote * Security fixes: * CVE-2020-0198: unsigned integer overflow in exif_data_load_data_content * CVE-2020-0452: compiler optimization could remove an a bufferoverflow check, making a buffer overflow possible with some EXIF tags * some more denial of service (compute time or stack exhaustion) counter-measures added that avoid minutes of decoding time with malformed files found by OSS-Fuzz
0.6.2224 May 2020 15:52 major bugfix: libexif-0.6.22 (2020-05-18): * New translations: ms * Updated translations for most languages * Fixed C89 compatibility * Fixed warnings on recent versions of autoconf * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER * Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others. * CVE-2018-20030: Fix for recursion DoS * CVE-2020-13114: Time consumption DoS when parsing canon array markers * CVE-2020-13113: Potential use of uninitialized memory * CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes * CVE-2020-0093: read overflow * CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs * CVE-2020-12767: fixed division by zero * CVE-2016-6328: fixed integer overflow when parsing maker notes * CVE-2017-7544: fixed buffer overread