From fb1ad2483303022c75e6b620a69df17e944fc4b0 Mon Sep 17 00:00:00 2001
From: t3tra
Date: Wed, 27 Aug 2025 06:25:13 +0900
Subject: [PATCH] Ensure safe ExifTool usage: require >= 12.24 (#1399)

* feat: add version verification for ExifTool to ensure security compliance

* fix: improve ExifTool version verification

---------
---
 .../src/markitdown/converters/_exiftool.py | 26 +++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/packages/markitdown/src/markitdown/converters/_exiftool.py b/packages/markitdown/src/markitdown/converters/_exiftool.py
index 1af155f..f605024 100644
--- a/packages/markitdown/src/markitdown/converters/_exiftool.py
+++ b/packages/markitdown/src/markitdown/converters/_exiftool.py
@@ -1,7 +1,11 @@
 import json
-import subprocess
 import locale
-from typing import BinaryIO, Any, Union
+import subprocess
+from typing import Any, BinaryIO, Union
+
+
+def _parse_version(version: str) -> tuple:
+    return tuple(map(int, (version.split("."))))
 
 
 def exiftool_metadata(
@@ -13,6 +17,24 @@ def exiftool_metadata(
     if not exiftool_path:
         return {}
 
+    # Verify exiftool version
+    try:
+        version_output = subprocess.run(
+            [exiftool_path, "-ver"],
+            capture_output=True,
+            text=True,
+            check=True,
+        ).stdout.strip()
+        version = _parse_version(version_output)
+        min_version = (12, 24)
+        if version < min_version:
+            raise RuntimeError(
+                f"ExifTool version {version_output} is vulnerable to CVE-2021-22204. "
+                "Please upgrade to version 12.24 or later."
+            )
+    except (subprocess.CalledProcessError, ValueError) as e:
+        raise RuntimeError("Failed to verify ExifTool version.") from e
+
     # Run exiftool
     cur_pos = file_stream.tell()
     try:
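Review bot: The `except (subprocess.CalledProcessError, ValueError)` at the end of the new version probe does not catch `OSError`, so a configured `exiftool_path` that is missing, not executable, or not a real binary escapes as a raw `FileNotFoundError`/`PermissionError` rather than the "Failed to verify ExifTool version." `RuntimeError` this hunk introduces; widening it to `except (subprocess.CalledProcessError, ValueError, OSError) as e:` keeps the error surface uniform for callers. The probe also spawns an extra `exiftool -ver` process on every call to `exiftool_metadata`, which appears to be invoked per file; moving the check into a small helper keyed on `exiftool_path` and memoizing it (e.g. with `functools.lru_cache`) would run it once per binary while preserving the gate. `_parse_version` compares ExifTool's decimal-looking version string as an int tuple, which only holds because ExifTool prints two minor digits (`12.24`, `12.70`), so a comment such as `# ExifTool versions are always N.NN (12.70 -> (12, 70)); a bare "12.3" would sort wrongly` would record the assumption. Note that 12.24 only closes CVE-2021-22204 as the message states; this gate is the natural place to raise the floor if the project later requires a newer release. `exiftool_metadata` continues past the end of this hunk, so the actual invocation that the gate protects is not visible here.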