Created attachment 224861
I only suggest we bump to 12.25, which is a development release, instead of the latest production release because there is a severe security bug that has only been fixed in development releases.
https://exiftool.org/history.html <-- still lists 12.16 as latest
I am told that this is exploitable with specially crafted files that are not DJVU -- like common formats of JPEG, PNG, etc. -- but I haven't found a public PoC for that.
Submitter is a committer.
Created attachment 225118
Jan. 21, 2021 - Version 12.16 (production release)
(In reply to takefu from comment #2)
But this version is still vulnerable... we shouldn't push a new release missing an important security fix.
Created attachment 225152
*** Bug 256028 has been marked as a duplicate of this bug. ***