pocoproject / poco

The POCO C++ Libraries are powerful cross-platform C++ libraries for building network- and internet-based applications that run on desktop, server, mobile, IoT, and embedded systems.
https://pocoproject.org

Update of libpng and zlib in component PDF #4582

Open Spaky opened 3 weeks ago

Spaky commented 3 weeks ago

Hello,

We should update the libpng and zlib sources that are part of the PDF component, because the currently included versions have several CVEs. PDF in poco 1.13.3 uses:

| Severity | Vulnerability Id | CVSS 3 Score | Published |
|---|---|---|---|
| Critical | CVE-2022-37434 | 9,8 | 05.08.2022 |
| Critical | CVE-2010-1205 | 9,8 | 30.06.2010 |
| Critical | CVE-2017-12652 | 9,8 | 10.07.2019 |
| High | CVE-2011-2692 | 8,8 | 17.07.2011 |
| High | CVE-2016-10087 | 7,5 | 30.01.2017 |
| High | CVE-2015-8472 | 7,3 | 21.01.2016 |
| Medium | WS-2020-0368 | 6,5 | 22.02.2020 |
| Medium | CVE-2010-2249 | 6,5 | 30.06.2010 |
| Medium | CVE-2011-2501 | 6,5 | 17.07.2011 |
| Medium | CVE-2011-2691 | 6,5 | 17.07.2011 |
| Medium | CVE-2008-6218 | 5,9 | 20.02.2009 |
| Medium | CVE-2011-3048 | 5,6 | 29.05.2012 |
| Medium | CVE-2011-3045 | 5,6 | 22.03.2012 |
| Medium | CVE-2015-7981 | 5,3 | 24.11.2015 |
| Medium | CVE-2015-2158 | 4,9 | 06.10.2017 |
| Low | CVE-2010-0205 | 3,7 | 03.03.2010 |
| Low | CVE-2008-3964 | 3,7 | 11.09.2008 |
| Low | CVE-2012-3425 | 3,7 | 13.08.2012 |

Maybe libharu 2.2.0 should also be updated.
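As an added example (not code from this issue or from the POCO project), a small Python check that reads the version macros from vendored `zlib.h` / `png.h` copies and flags any that are older than a minimum fixed version. The minimum versions and the sample header fragments are assumptions of the example; confirm the thresholds against an advisory database for the CVEs listed above before relying on them.

```python
"""Flag vendored zlib / libpng copies older than an assumed minimum fixed version."""
import re
from pathlib import Path

# Assumed minimum versions carrying the fixes for the listed CVEs
# (zlib 1.2.13 for CVE-2022-37434, libpng 1.6.32 for CVE-2017-12652).
# These thresholds are an assumption of this example, not from the issue.
MIN_VERSIONS = {"zlib": (1, 2, 13), "libpng": (1, 6, 32)}

# Public header macro that carries each library's version string.
VERSION_MACROS = {
    "zlib": r'#define\s+ZLIB_VERSION\s+"([^"]+)"',
    "libpng": r'#define\s+PNG_LIBPNG_VER_STRING\s+"([^"]+)"',
}


def parse_version(text: str) -> tuple:
    """Turn '1.2.11' or '1.6.37beta01' into a comparable tuple of ints."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(n) for n in m.groups())


def vendored_version(lib: str, header_text: str):
    """Extract the version of `lib` from header source, or None if the macro is absent."""
    m = re.search(VERSION_MACROS[lib], header_text)
    return parse_version(m.group(1)) if m else None


def outdated(lib: str, header_text: str) -> bool:
    """True when the vendored copy is older than the assumed minimum fixed version."""
    found = vendored_version(lib, header_text)
    if found is None:
        raise ValueError(f"no version macro for {lib} found in header")
    return found < MIN_VERSIONS[lib]


def check_header_file(lib: str, path) -> bool:
    """Same check against a header file on disk (e.g. a vendored zlib.h)."""
    return outdated(lib, Path(path).read_text(errors="replace"))


# Constructed sample header fragments; not taken from the POCO source tree.
OLD_ZLIB_H = '#define ZLIB_VERSION "1.2.11"\n#define ZLIB_VERNUM 0x12b0\n'
NEW_ZLIB_H = '#define ZLIB_VERSION "1.3.1"\n'
OLD_PNG_H = '#define PNG_LIBPNG_VER_STRING "1.6.19"\n'

if __name__ == "__main__":
    for lib, text in [("zlib", OLD_ZLIB_H), ("zlib", NEW_ZLIB_H), ("libpng", OLD_PNG_H)]:
        print(lib, vendored_version(lib, text), "OUTDATED" if outdated(lib, text) else "ok")
```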