libjpeg is outdated causing Vulnerability [🐛]

react-native-image-picker / react-native-image-picker

:sunrise_over_mountains: A React Native module that allows you to use native UI to select media from the device library or directly from the camera.

MIT License

8.48k stars 2.08k forks source link

Open zaidraddad94 opened 1 year ago

zaidraddad94 commented 1 year ago

react-native-image-picker uses libjpeg (1.5.3) which is outdated the security team flag it as a high risk

use the latest version of libjpeg

Johan-dutoit commented 1 year ago

PR welcome

alicja-mruk commented 1 year ago

There are not much libraries causing this, maybe exif https://developer.android.com/reference/androidx/exifinterface/media/package-summary has this outdated version which is causing vulnerability, can someone confirm? Or this is an outdated android package? I checked that the android team updated core 10 weeks ago https://android.googlesource.com/platform/external/libpng/+/81933a9917bef1e3159e35e64579d017b32a87ff @Johan-dutoit I will create a fork with bumped libraries

imfarhanaslam commented 1 year ago

Whats the solution for this high risk should we upgrade react native image picker library version or what please help

hrishi-neo commented 9 months ago

Hello, anyone has any solution for this?

Suresh-Naragonda commented 2 months ago

Does anyone fixed this issue?