ivpusic / react-native-image-crop-picker

iOS/Android image picker with support for camera, video, configurable compression, multiple images and cropping
MIT License

Outdated libpng Library causing Security Vulnerability in Android #1840

Open e-pradeep opened 2 years ago

e-pradeep commented 2 years ago

The library "uCrop" was found to be using a vulnerable version of the libpng library.

The library does not properly validate the information that it processes, which can lead to unintended access or potentially malicious code being run. This test specifically checks for versions < 1.6.32 because of the specific CVE which calls that version out.

However, earlier versions prior to 1.5.26 will also potentially prevent an app from being published to the Google Play Store. Recommendation is to update the version of libpng being used in the app to 1.6.32 or greater.

"react-native-image-crop-picker" - v0.35.3

alicja-mruk commented 1 year ago

Any idea how to do it in the native library? Should the new .so files be generated?
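
A way to reproduce the version check described in the issue against a built APK, as an added example that is not part of the thread or of the project's code. It assumes the bundled `.so` files still carry libpng's embedded `libpng version X.Y.Z` string; the entry names and sample bytes are constructed for illustration.

```python
import io
import re
import zipfile

# libpng embeds its version in its copyright notice, e.g. "libpng version 1.6.37".
LIBPNG_RE = re.compile(rb"libpng version (\d+)\.(\d+)\.(\d+)")
MIN_FIXED = (1, 6, 32)  # threshold quoted in the issue


def libpng_versions(blob: bytes) -> set:
    """Return every libpng version tuple found in a binary blob."""
    return {tuple(int(p) for p in m.groups()) for m in LIBPNG_RE.finditer(blob)}


def scan_apk(apk) -> list:
    """Return (entry, version, outdated) for each libpng string in the APK's .so files."""
    findings = []
    with zipfile.ZipFile(apk) as zf:
        for name in sorted(zf.namelist()):
            if not name.endswith(".so"):
                continue  # only native libraries can contain a compiled-in libpng
            for ver in sorted(libpng_versions(zf.read(name))):
                findings.append((name, ".".join(map(str, ver)), ver < MIN_FIXED))
    return findings


def build_sample_apk() -> io.BytesIO:
    """Constructed sample: a zip with fake .so entries (hypothetical names)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/arm64-v8a/libexample_old.so", b"\x7fELF\0 libpng version 1.6.17\0")
        zf.writestr("lib/arm64-v8a/libexample_new.so", b"\x7fELF\0 libpng version 1.6.37\0")
        zf.writestr("classes.dex", b"dex\n035\0")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Pass a real APK path to scan_apk() instead of the constructed sample.
    for name, ver, outdated in scan_apk(build_sample_apk()):
        print(f"{name}: libpng {ver} {'OUTDATED' if outdated else 'ok'}")
```

A library with no match is not proven clean: a stripped or customised build may omit the string, so an empty result only means the marker was not found.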