search

max-kammerer / orion-viewer

Orion Viewer is pdf, djvu, xps, cbz and tiff file viewer for Android devices based on mupdf and DjVuLibre libraries
Other
159 stars 52 forks source link

Potentially vulnerable PDF library used #40

Closed SkewedZeppelin closed 11 months ago

SkewedZeppelin commented 2 years ago

I am going though apps that use old native libraries on F-Droid: https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496/

Your app uses MuPDF 1.16.1 from 2019-08-02, which seems to have ~5 known security issues. https://github.com/max-kammerer/orion-viewer/commits/0.81.2_fdroid/nativeLibs/mupdfModule

Newer versions are available: https://mupdf.com/releases/history.html

max-kammerer commented 2 years ago

@SkewedZeppelin Thank you for the report!

max-kammerer commented 11 months ago

@SkewedZeppelin Thank you for the report! Orion 0.82.1 is shipped with mupdf 1.23.3