The library "uCrop" was found to be using a vulnerable version of the libpng library.
The library does not properly validate the information that it processes which can lead to unintended access or potentially malicious code being run. This test specifically checks for versions < 1.6.32 because of the specific CVE which calls that version out.
However, earlier versions prior to 1.5.26 will also potentially prevent an app from being published to the Google Play Store.
Recommendation is toUpdate the version of libpng being used in the app to 1.6.32 or greater.
The library "uCrop" was found to be using a vulnerable version of the libpng library.
The library does not properly validate the information that it processes which can lead to unintended access or potentially malicious code being run. This test specifically checks for versions < 1.6.32 because of the specific CVE which calls that version out.
However, earlier versions prior to 1.5.26 will also potentially prevent an app from being published to the Google Play Store. Recommendation is toUpdate the version of libpng being used in the app to 1.6.32 or greater.
"react-native-image-crop-picker" - v0.35.3