@t3tra-dev
Contributor

This PR adds safety measures when markitdown invokes ExifTool, to avoid exposure to known issues (e.g., CVE-2021-22204).

  • Changes

    • Run exiftool -ver beforehand and fail fast if the version is below 12.24.
  • Impact

    • On environments without ExifTool or with versions < 12.24, the feature aborts with a clear message.
  • Testing

    • Verify the failure path with ExifTool < 12.24.

    • Verify normal operation with ExifTool ≥ 12.24.
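The version gate described in this PR, sketched as an added example; it is not the code merged into markitdown. The names `UnsafeExifToolError`, `parse_version`, `require_safe_version` and `check_exiftool` are hypothetical, and the example assumes `exiftool -ver` prints a bare decimal such as `12.24`. Versions are compared as decimals, because a plain string comparison would rank `9.99` above `12.24`.

```python
import re
import subprocess
from decimal import Decimal

MIN_SAFE_VERSION = Decimal("12.24")  # threshold stated in the PR description
# Assumed output format of `exiftool -ver`: digits, a dot, digits, nothing else.
_VERSION_RE = re.compile(r"[0-9]+\.[0-9]+")


class UnsafeExifToolError(RuntimeError):
    """Hypothetical exception: raised whenever the version cannot be trusted."""


def parse_version(output: str) -> Decimal:
    """Parse the text printed by `exiftool -ver`; reject anything unexpected."""
    text = output.strip()
    if not _VERSION_RE.fullmatch(text):
        raise UnsafeExifToolError(f"unrecognized ExifTool version output: {text!r}")
    return Decimal(text)


def require_safe_version(output: str) -> Decimal:
    """Return the parsed version, or raise if it is below the minimum."""
    version = parse_version(output)
    if version < MIN_SAFE_VERSION:
        raise UnsafeExifToolError(
            f"ExifTool {version} is older than {MIN_SAFE_VERSION} "
            "(CVE-2021-22204); upgrade before processing files"
        )
    return version


def check_exiftool(path: str, timeout: float = 5.0) -> Decimal:
    """Run `<path> -ver` without a shell and fail closed on any error."""
    try:
        proc = subprocess.run(
            [path, "-ver"], capture_output=True, text=True,
            timeout=timeout, check=True,
        )
    except (OSError, subprocess.SubprocessError) as exc:
        # Missing binary, non-zero exit and timeout are all treated as unsafe.
        raise UnsafeExifToolError(f"could not run {path!r} -ver: {exc}") from exc
    return require_safe_version(proc.stdout)
```

Call `check_exiftool` with the same resolved binary path that is later used for metadata extraction, so the version that was checked is the version that runs.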

Copilot AI review requested due to automatic review settings August 16, 2025 07:47

Copilot AI left a comment

Pull Request Overview

This PR adds version checking for ExifTool to prevent security vulnerabilities by ensuring only safe versions (12.24 or later) are used, protecting against CVE-2021-22204.

  • Adds pre-execution version verification for ExifTool
  • Implements fail-fast behavior when unsafe versions are detected
  • Provides clear error messaging for version-related failures


@afourney afourney merged commit fb1ad24 into microsoft:main Aug 26, 2025
3 checks passed
azhao25 pushed a commit to azhao25/markitdown that referenced this pull request Oct 16, 2025
* feat: add version verification for ExifTool to ensure security compliance
* fix: improve ExifTool version verification
