How to remove exif metadata from jpegs using php or command line

There is a method of hacking PHP that uses a security flaw in how PHP handles EXIF metadata embedded in JPEG, PNG or GIF images. This is described as an EXIF injection attack. As a precaution, it is a good idea to strip all EXIF information from any images that are uploaded to your website.

I have found these two tools really useful to do this and this is a quick outline of how we used them:

Removing EXIF meta data from .jpg on Ubuntu / PHP
There is a really good tool called exiftool. There is a version in the Ubuntu repositories – so it is super easy to install.

apt-get install libimage-exiftool-perl

You can then strip exif meta from a jpeg using the command:

exiftool -all= filename.jpg

So in php this would look like this:

$output = exec(sprintf("exiftool -all= %s", escapeshellarg($_image_path)));

Removing EXIF meta data from .png images on Ubuntu / PHP
The best tool for removing exif information from .pngs is Optipng. You can install optipng on Ubuntu from source using this recipe.

apt-get install optipng

and so again in php it would look something like this:

$output = exec(sprintf('optipng -strip all %s', escapeshellarg($_image_path)));
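The two commands above combined into one upload-time check, as an added example that is not part of the original post: it picks the tool from the file's detected MIME type, passes -overwrite_original so exiftool does not leave the unstripped file behind as a backup, and rejects the upload if the tool exits non-zero. The function name strip_image_metadata, the form field "image" and the upload directory are assumptions.

```php
<?php
// Added example, not the post's code; names and paths below are assumptions.

/**
 * Strip metadata from an image in place with the tools named in the post.
 * Returns the file extension to store it under, or null if the file is not
 * a supported type or the tool failed (the caller should reject the upload).
 */
function strip_image_metadata(string $path): ?string
{
    // Decide by file content, not by the client-supplied name or extension.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);

    // -overwrite_original: exiftool otherwise keeps the unstripped file
    // as "<name>_original" next to the cleaned one.
    $tools = [
        'image/jpeg' => ['jpg', 'exiftool -all= -overwrite_original %s'],
        'image/png'  => ['png', 'optipng -quiet -strip all %s'],
    ];
    if (!is_string($mime) || !isset($tools[$mime])) {
        return null; // unknown type: fail closed
    }
    [$ext, $template] = $tools[$mime];

    // Capture output and exit status instead of only the last output line.
    exec(sprintf($template, escapeshellarg($path)) . ' 2>&1', $lines, $status);
    if ($status !== 0) {
        error_log("metadata strip failed ($status): " . implode(' | ', $lines));
        return null;
    }
    return $ext;
}

// Use in an upload handler: field name "image" and target directory are assumed.
$tmp = $_FILES['image']['tmp_name'] ?? '';
$ext = is_uploaded_file($tmp) ? strip_image_metadata($tmp) : null;
if ($ext === null) {
    http_response_code(400);
    exit('Image rejected');
}
move_uploaded_file($tmp, '/var/www/uploads/' . bin2hex(random_bytes(16)) . '.' . $ext);
```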

I hope this helps someone.

One thought to “How to remove exif metadata from jpegs using php or command line”

  1. Dear james

    ..it did help, a lot! Thanx for your post!

    I used it today on my Debian server on the command line to remove the EXIF data from JPG-files before they’ve been transferred to my webserver.

    It’s cool that “exiftool” automatically creates a copy of the original file..

    Regards from Switzerland,
    Rapha
