it is remarkable, that even the most simple tool, like exiftool seems to have (had?) a serious security problem:
“Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image” (src CVE-2021-22204)
“After a deep security research by Cysource research team led by Shai Alfasi & Marlon Fabiano da Silva, we found a way to execute commands remotely within (through) VirusTotal platform and gain access to its various scans capabilities.” (src)
possible alternatives:
metacam/oldstable 1.2-11 amd64 extract EXIF information from digital camera files pngmeta/oldstable 1.11-9 amd64 Display metadata information from PNG images exifprobe/oldstable 2.0.1+git20170416.3c2b769-3 amd64 read metadata from digital pictures atomicparsley/oldstable 0.9.6-2 amd64 read, parse and set metadata of MPEG-4 and 3gp files exiv2/oldstable,oldstable 0.25-4+deb10u2 amd64 EXIF/IPTC/XMP metadata manipulation tool extract/oldstable 1:1.8-2+deb10u1 amd64 displays meta-data from files of arbitrary type manpage: extract.man.txt Currently, libextractor supports the following formats: HTML, MAN, PS, DVI, OLE2 (DOC, XLS, PPT), OpenOffice (sxw), StarOffice (sdw), FLAC, MP3 (ID3v1 and ID3v2), OGG, WAV, S3M (Scream Tracker 3), XM (eXtended Module), IT (Impulse Tracker), NSF(E) (NES music), SID (C64 music), EXIV2, JPEG, GIF, PNG, TIFF, DEB, RPM, TAR(.GZ), LZH, LHA, RAR, ZIP, CAB, 7-ZIP, AR, MTREE, PAX, CPIO, ISO9660, SHAR, RAW, XAR FLV, REAL, RIFF (AVI), MPEG, QT and ASF. . Also, various additional MIME types are detected. It can also be used to compute hash functions (SHA-1, MD5, ripemd160). flvmeta/oldstable 1.2.1-1 amd64 Metadata injector for FLV video files golang-github-rwcarlsen-goexif-dev/oldstable 0.0~git20180410.fb35d3c-1 all Decode embedded EXIF meta data from image files with Go libimage-info-perl/oldstable 1.41-1 all allows extraction of meta information from image files libimage-metadata-jpeg-perl/oldstable 0.153-1 all Perl extension for showing/modifying JPEG (meta)data libiptcdata-bin/oldstable 1.0.5-2.1 amd64 Library to parse IPTC metadata (programs) libkf5filemetadata-bin/oldstable 5.54.0-1 amd64 library for extracting file metadata oidua/oldstable 0.16.1-9 amd64 audio file metadata lister pinot/oldstable 1.05-2+b1 amd64 meta-search engine for local files and web queries pypy-mutagen/oldstable 1.40.0-2 all audio metadata editing library (PyPy) python-enzyme/oldstable 0.4.1-1.1 all video metadata parser (Python 2) python-extractor/oldstable 1:0.6-7 all extracts meta-data from files of arbitrary type (Python bindings) python3-unidiff/oldstable 0.5.4-1 all Unified diff Python parsing/metadata extraction library (Python 3) tracker/oldstable 2.1.8-2 amd64 metadata database, indexer and search tool searx/oldstable 0.15.0+dfsg1-1 all Privacy-respecting metasearch engine
identify
identify -verbose image.jpg
manpage: identify.man.txt
sample output:
Image: image.jpg Format: JPEG (Joint Photographic Experts Group JFIF format) Mime type: image/jpeg Class: DirectClass Geometry: 1079x1492+0+0 Units: Undefined Colorspace: sRGB Type: TrueColor Base type: Undefined Endianess: Undefined Depth: 8-bit Channel depth: red: 8-bit green: 8-bit blue: 8-bit Channel statistics: Pixels: 1609868 Red: min: 0 (0) max: 255 (1) mean: 207.997 (0.815675) standard deviation: 51.694 (0.202722) kurtosis: 2.23547 skewness: -1.5541 entropy: 0.762034 Green: min: 0 (0) max: 255 (1) mean: 212.443 (0.833108) standard deviation: 54.2473 (0.212735) kurtosis: 3.19531 skewness: -1.96383 entropy: 0.745143 Blue: min: 0 (0) max: 255 (1) mean: 212.848 (0.834699) standard deviation: 57.6229 (0.225972) kurtosis: 2.94743 skewness: -1.94283 entropy: 0.759852 Image statistics: Overall: min: 0 (0) max: 255 (1) mean: 211.096 (0.827827) standard deviation: 54.5214 (0.213809) kurtosis: 2.81349 skewness: -1.83174 entropy: 0.755676 Rendering intent: Perceptual Gamma: 0.454545 Chromaticity: red primary: (0.64,0.33) green primary: (0.3,0.6) blue primary: (0.15,0.06) white point: (0.3127,0.329) Background color: white Border color: srgb(223,223,223) Matte color: grey74 Transparent color: black Interlace: None Intensity: Undefined Compose: Over Page geometry: 1079x1492+0+0 Dispose: Undefined Iterations: 0 Compression: JPEG Quality: 92 Orientation: Undefined Properties: date:create: 2022-03-14T16:40:17+01:00 date:modify: 2021-12-02T21:48:33+01:00 icc:copyright: Google Inc. 2016 icc:description: sRGB jpeg:colorspace: 2 jpeg:sampling-factor: 2x2,1x1,1x1 signature: 1a5b384d7ef53e2bf76b90e95edf62c9e4e019654df053aac1fc8c04d61b8ede Profiles: Profile-icc: 536 bytes Artifacts: filename: image.jpg verbose: true Tainted: False Filesize: 199805B Number pixels: 1.60987M Pixels per second: 80.4934MB User time: 0.010u Elapsed time: 0:01.019 Version: ImageMagick 6.9.10-23 Q16 x86_64 20190101 https://imagemagick.org
exiftool
su - root apt install exiftool # remove all metadata of all *jpg files in current dir exiftool -all= -overwrite_original -ext jpg . # remove metedata for all *jpg/*JPG files in current dir and subdirs exiftool -all= -r -overwrite_original -ext jpg . # remove metedata for all *png/*PNG files in current dir and subdirs exiftool -all= -r -overwrite_original -ext png . # remove metedata for all *bmp/*BMP files in current dir and subdirs exiftool -all= -r -overwrite_original -ext bmp . # remove metedata for all *gif/*GIF files in current dir and subdirs exiftool -all= -r -overwrite_original -ext gif .
manpage: exiftool.man.txt
meta infos in
- picture.jpg
- picture.tiff
- picture.gif (according to Wiki not, but scroll down for an example)
- but also movie.avi and movie.mp4
… can contain quiet a lot of sensitive data:
- what date the picture was taken
- with what camera/phone (Samsung Galaxy S3 did that)
- maybe even: GPS info/location of the picture
- who/what tools processed the picture
of course as always, this data can be put to good or bad use
privacy wise it would be probably the best to simply delete it all
“According to documents leaked by Edward Snowden, the NSA is targeting Exif information under the XKeyscore program.[22]“
“The privacy problem of Exif data can be avoided by removing the Exif data using a metadata removal tool.[23]”
“Exif tag contains metadata about the photo, it can pose a privacy problem. For example, a photo taken with a GPS-enabled camera can reveal the exact location and time it was taken, and the unique ID number of the device – this is all done by default – often without the user’s knowledge.”
(prominent case: John McAfee was arrested in Guatemala
(after VICE Magazin journalists were unaware they were leaking their GPS location via picture Exif meta data … while this data can be used to find criminals… it could also endanger whistleblowers to cooperate with journalists that are unaware of Exif meta data in pictures)
a picture within a picture: “Photo manipulation software sometimes fails to update the embedded thumbnail after an editing operation, possibly causing the user to inadvertently publish compromising information.[13] For example, someone might blank out a licence registration plate of a car (for privacy concerns), only to have the thumbnail not so updated, meaning the information is still visible.” (src: wikipedia.org)
how to remove exif meta data from pictures:
# gnu linux debian 10 tested su - root; apt update; apt install libimage-exiftool-perl # rpm/fedora/redhat/centos tested yum update yum install perl-Image-ExifTool.noarch # remove all metadata of all *jpg files in current dir exiftool -all= -overwrite_original -ext jpg . # show meta data of the above picture exiftool Exif_meta_info_data_from_jpg_png_tiff_bmp_pictures.jpg ExifTool Version Number : 11.16 File Name : Exif_meta_info_data_from_jpg_png_tiff_bmp_pictures.jpg Directory : . File Size : 189 kB File Modification Date/Time : 2021:02:18 00:22:56+01:00 File Access Date/Time : 2021:02:18 00:22:56+01:00 File Inode Change Date/Time : 2021:02:18 00:22:56+01:00 File Permissions : rw-r--r-- File Type : JPEG File Type Extension : jpg MIME Type : image/jpeg JFIF Version : 1.01 Exif Byte Order : Little-endian (Intel, II) X Resolution : 300 Y Resolution : 300 Resolution Unit : inches Software : GIMP 2.10.8 Modify Date : 2021:02:18 00:22:55 GPS Latitude : 0 deg 0' 0.00" GPS Longitude : 0 deg 0' 0.00" GPS Altitude : 0 m Compression : JPEG (old-style) Photometric Interpretation : YCbCr Samples Per Pixel : 3 Thumbnail Offset : 370 Thumbnail Length : 10400 XMP Toolkit : XMP Core 4.4.0-Exiv2 Digital Source Type : http://cv.iptc.org/newscodes/digitalsourcetype/digitalCapture Document ID : gimp:docid:gimp:f5e2799d-1311-429c-a978-cd1abe2ee074 <- wtf is this? Instance ID : xmp.iid:e5134e69-a909-4fc5-a0ba-d16d9a4e08ea <- wtf is this? Original Document ID : xmp.did:15edc5ad-7fe5-49a5-acec-a4f426ab35a1 <- wtf is this? Model Release Status : None Api : 2.0 Platform : Linux Time Stamp : 1613604176114808 Version : 2.10.8 Format : image/jpeg Creator Tool : GIMP 2.10 Location Created : Location Shown : Artwork Or Object : Registry ID : History Action : saved, saved History Changed : /metadata, / History Instance ID : xmp.iid:5f6344dd-69d6-4572-8bd7-67b5917ee436, xmp.iid:d8a8173d-ab29-497c-a95a-9a41ef119791 History Software Agent : Gimp 2.10 (Linux), Gimp 2.10 (Linux) History When : +01:00, +01:00 Image Supplier : Image Creator : Copyright Owner : Licensor : Description : The Matrix has you! Title : EXIF-O-MATIC Image Width : 1014 Image Height : 669 Encoding Process : Progressive DCT, Huffman coding Bits Per Sample : 8 Color Components : 3 Y Cb Cr Sub Sampling : YCbCr4:4:4 (1 1) Image Size : 1014x669 Megapixels : 0.678 Thumbnail Image : (Binary data 10400 bytes, use -b option to extract) GPS Position : 0 deg 0' 0.00", 0 deg 0' 0.00" exiftool example_image.jpg ExifTool Version Number : 11.16 File Name : example_image.jpg Directory : . File Size : 35 kB File Modification Date/Time : 2021:02:17 13:31:39+01:00 File Access Date/Time : 2021:02:17 13:31:41+01:00 File Inode Change Date/Time : 2021:02:17 13:31:39+01:00 File Permissions : rw-r--r-- File Type : JPEG File Type Extension : jpg MIME Type : image/jpeg JFIF Version : 1.01 Exif Byte Order : Little-endian (Intel, II) Image Description : Processed By X with ImageMagick, z1.1.0. ||B2 X Resolution : 72 Y Resolution : 72 Resolution Unit : inches Software : GIMP 2.10.8 Modify Date : 2021:02:17 13:31:39 User Comment : Processed By X with ImageMagick, z1.1.0. ||B2 Compression : JPEG (old-style) Photometric Interpretation : YCbCr Samples Per Pixel : 3 Thumbnail Offset : 408 Thumbnail Length : 5490 Image Width : 512 Image Height : 382 Encoding Process : Progressive DCT, Huffman coding Bits Per Sample : 8 Color Components : 3 Y Cb Cr Sub Sampling : YCbCr4:4:4 (1 1) Image Size : 512x382 Megapixels : 0.196 Thumbnail Image : (Binary data 5490 bytes, use -b option to extract) # another example exiftool example_image2.jpg ExifTool Version Number : 11.16 File Name : example_image2.jpg Directory : . File Size : 73 kB File Modification Date/Time : 2020:07:30 17:27:43+02:00 File Access Date/Time : 2021:02:17 13:41:08+01:00 File Inode Change Date/Time : 2021:02:17 13:41:08+01:00 File Permissions : rw-r--r-- File Type : JPEG File Type Extension : jpg MIME Type : image/jpeg JFIF Version : 1.01 Exif Byte Order : Big-endian (Motorola, MM) Orientation : Horizontal (normal) X Resolution : 100 Y Resolution : 100 Resolution Unit : inches Software : Paint.NET v3.5.2 Compression : JPEG (old-style) Thumbnail Offset : 232 Thumbnail Length : 5286 Profile CMM Type : Linotronic Profile Version : 2.1.0 Profile Class : Display Device Profile Color Space Data : RGB Profile Connection Space : XYZ Profile Date Time : 1998:02:09 06:49:00 Profile File Signature : acsp Primary Platform : Microsoft Corporation CMM Flags : Not Embedded, Independent Device Manufacturer : Hewlett-Packard Device Model : sRGB Device Attributes : Reflective, Glossy, Positive, Color Rendering Intent : Perceptual Connection Space Illuminant : 0.9642 1 0.82491 Profile Creator : Hewlett-Packard Profile ID : 0 Profile Copyright : Copyright (c) 1998 Hewlett-Packard Company Profile Description : sRGB IEC61966-2.1 Media White Point : 0.95045 1 1.08905 Media Black Point : 0 0 0 Red Matrix Column : 0.43607 0.22249 0.01392 Green Matrix Column : 0.38515 0.71687 0.09708 Blue Matrix Column : 0.14307 0.06061 0.7141 Device Mfg Desc : IEC http://www.iec.ch Device Model Desc : IEC 61966-2.1 Default RGB colour space - sRGB Viewing Cond Desc : Reference Viewing Condition in IEC61966-2.1 Viewing Cond Illuminant : 19.6445 20.3718 16.8089 Viewing Cond Surround : 3.92889 4.07439 3.36179 Viewing Cond Illuminant Type : D50 Luminance : 76.03647 80 87.12462 Measurement Observer : CIE 1931 Measurement Backing : 0 0 0 Measurement Geometry : Unknown Measurement Flare : 0.999% Measurement Illuminant : D65 Technology : Cathode Ray Tube Display Red Tone Reproduction Curve : (Binary data 2060 bytes, use -b option to extract) Green Tone Reproduction Curve : (Binary data 2060 bytes, use -b option to extract) Blue Tone Reproduction Curve : (Binary data 2060 bytes, use -b option to extract) Image Width : 477 Image Height : 407 Encoding Process : Baseline DCT, Huffman coding Bits Per Sample : 8 Color Components : 3 Y Cb Cr Sub Sampling : YCbCr4:2:0 (2 2) Image Size : 477x407 Megapixels : 0.194 Thumbnail Image : (Binary data 5286 bytes, use -b option to extract) # another example from lineageOS on Nexus 6p exiftool example_image3.jpg ExifTool Version Number : 11.16 File Name : example_image3.jpg Directory : . File Size : 778 kB File Modification Date/Time : 2021:02:17 13:46:18+01:00 File Access Date/Time : 2021:02:17 13:49:50+01:00 File Inode Change Date/Time : 2021:02:17 13:49:50+01:00 File Permissions : rw-r--r-- File Type : JPEG File Type Extension : jpg MIME Type : image/jpeg JFIF Version : 1.01 Resolution Unit : None X Resolution : 1 Y Resolution : 1 Profile CMM Type : Profile Version : 2.1.0 Profile Class : Display Device Profile Color Space Data : RGB Profile Connection Space : XYZ Profile Date Time : 0000:00:00 00:00:00 Profile File Signature : acsp Primary Platform : Unknown () CMM Flags : Not Embedded, Independent Device Manufacturer : Device Model : Device Attributes : Reflective, Glossy, Positive, Color Rendering Intent : Media-Relative Colorimetric Connection Space Illuminant : 0.9642 1 0.82491 Profile Creator : Profile ID : 0 Profile Description : sRGB Red Matrix Column : 0.43607 0.2225 0.01393 Green Matrix Column : 0.38506 0.71687 0.09709 Blue Matrix Column : 0.14307 0.06061 0.71417 Red Tone Reproduction Curve : (Binary data 40 bytes, use -b option to extract) Green Tone Reproduction Curve : (Binary data 40 bytes, use -b option to extract) Blue Tone Reproduction Curve : (Binary data 40 bytes, use -b option to extract) Media White Point : 0.9642 1 0.82491 Profile Copyright : Google Inc. 2016 Image Width : 3024 Image Height : 777 Encoding Process : Baseline DCT, Huffman coding Bits Per Sample : 8 Color Components : 3 Y Cb Cr Sub Sampling : YCbCr4:2:0 (2 2) Image Size : 3024x777 Megapixels : 2.3 # an gif metadata example exiftool file.gif ExifTool Version Number : 12.00 File Name : file.gif Directory : . File Size : 6.1 MB File Modification Date/Time : 2020:02:13 20:52:17+01:00 File Access Date/Time : 2020:08:07 08:54:40+02:00 File Inode Change Date/Time : 2020:11:05 13:17:17+01:00 File Permissions : rw-r--r-- File Type : GIF File Type Extension : gif MIME Type : image/gif GIF Version : 89a Image Width : 500 Image Height : 250 Has Color Map : Yes Color Resolution Depth : 8 Bits Per Pixel : 8 Background Color : 255 Animation Iterations : Infinite Frame Count : 81 Image Size : 500x250 Megapixels : 0.125 # another example for movie.avi # exiftool can not remove meta data from avi # "Error: Writing of AVI files is not yet supported" exiftool movie.avi ExifTool Version Number : 11.16 File Name : movie.avi Directory : . File Size : 7.0 MB File Modification Date/Time : 2020:11:17 21:25:30+01:00 File Access Date/Time : 2021:02:17 21:29:55+01:00 File Inode Change Date/Time : 2021:02:17 23:17:37+01:00 File Permissions : rw-r--r-- File Type : AVI File Type Extension : avi MIME Type : video/x-msvideo Frame Rate : 15.057 Max Data Rate : 307 kB/s Frame Count : 396 Stream Count : 2 Stream Type : Video Video Codec : mjpg Video Frame Rate : 15.057 Video Frame Count : 396 Quality : 10000 Sample Size : Variable BMP Version : Windows V3 Image Width : 320 Image Height : 240 Planes : 1 Bit Depth : 24 Compression : MJPG Image Length : 230400 Pixels Per Meter X : 0 Pixels Per Meter Y : 0 Num Colors : Use BitDepth Num Important Colors : All Audio Codec : Audio Sample Rate : 8000 Audio Sample Count : 210400 Encoding : Microsoft PCM Num Channels : 1 Sample Rate : 8000 Avg Bytes Per Sec : 8000 Bits Per Sample : 8 Date/Time Original : 2006:06:24 18:47:00 Software : CASIO EX-Z40 Duration : 26.30 s Image Size : 320x240 Megapixels : 0.077 # show metedata for all *jpg files in current dir exiftool -ext jpg # show metedata for all *jpg files in current dir and subdirs exiftool -r -ext jpg . # remove all metadata of a image file exiftool -all= -overwrite_original example_image.jpg # remove all metadata of all *jpg files in current dir exiftool -all= -overwrite_original -ext jpg . # remove metedata for all *jpg/*JPG files in current dir and subdirs exiftool -all= -r -overwrite_original -ext jpg . # remove metedata for all *png/*PNG files in current dir and subdirs exiftool -all= -r -overwrite_original -ext png . # remove metedata for all *bmp/*BMP files in current dir and subdirs exiftool -all= -r -overwrite_original -ext bmp . # remove metedata for all *gif/*GIF files in current dir and subdirs exiftool -all= -r -overwrite_original -ext gif .
remove exif meta data from movie.mp4
# install ffmpeg apt update apt install ffmpeg # create new script file vim /scripts/meta_remove.mp4.sh chmod +x vim /scripts/*.sh for f in *.mp4; do ffmpeg -i "$f" -map_metadata -1 -c:v copy -c:a copy "fixed_$f"; done # cd into dir where the *.mp4 is that should get re-encoded without the exif meta data cd /home/user/Videos/*.mp4 # then run the script /scripts/meta_remove.mp4.sh # test if the result file works # then manually delete the source file
creditz:
http://xahlee.info/img/metadata_in_image_files.html
Links:
“The International Press Telecommunications Council (IPTC), based in London, United Kingdom, is a consortium of the world’s major news agencies, other news providers and news industry vendors and acts as the global standards body of the news media.” (src)
liked this article?
- only together we can create a truly free world
- plz support dwaves to keep it up & running!
- (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
- really really hate advertisement
- contribute: whenever a solution was found, blog about it for others to find!
- talk about, recommend & link to this blog and articles
- thanks to all who contribute!