
Outdated "libpng" Library Contains Known Security Flaw in "uCrop"

Open A-Yatsyk opened this issue 3 years ago • 3 comments

Version

  • react-native-image-crop-picker v0.37.3
  • react-native v0.67.4

Platform

  • Android

Expected behaviour

No Known Security Flaw

Actual behaviour

The library "uCrop" contains a known security flaw related to "libpng". The vulnerability was fixed in 1.6.32. uCrop Issue

Attachments

Screenshot 2022-06-09 at 10 04 14

A-Yatsyk avatar Jun 09 '22 07:06 A-Yatsyk

@ivpusic is there any update on this issue? We are also facing the same issue with the libcrop.

A new version of uCrop (2.2.8-native) is available; maybe an update to this version will fix this issue. Could you please help us update the version and create a new npm build?

cc: @faizr

midhunm-c avatar Jul 14 '22 10:07 midhunm-c

Hi @midhunm-c, no, 2.2.8 is a pretty old version and contains the same issue with the library. We need the uCrop library maintainers' help so they can resolve this issue.

oleksandr-dziuban avatar Jul 14 '22 19:07 oleksandr-dziuban

Any update on this ticket?

e-pradeep avatar Aug 16 '22 12:08 e-pradeep

Any update on how to do it in the ucrop native package? @oleksandr-dziuban

alicja-mruk avatar Jan 23 '23 17:01 alicja-mruk

@alicja-mruk were you able to get a solution for this?

aryalprakash avatar Feb 16 '23 17:02 aryalprakash

@aryalprakash you need to recompile the library with the latest version of libpng.

alicja-mruk avatar Feb 16 '23 18:02 alicja-mruk

Hi @alicja-mruk, not sure about this. Seems like libpng is a dependency of the ucrop library.

oleksandr-dziuban avatar Feb 26 '23 15:02 oleksandr-dziuban
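
Added example (not posted by anyone in this thread, and not code from either project): one way to check whether a built APK still ships a libpng older than the 1.6.32 release named in the report, for instance after recompiling the native library. It assumes the embedded libpng keeps its usual `libpng version X.Y.Z` banner string; the library file names and the sample APK contents are constructed placeholders.

```python
import io
import re
import zipfile

# Fixed release named in the issue report above.
FIXED = (1, 6, 32)
# Assumption: the bundled libpng keeps its "libpng version X.Y.Z" banner string.
BANNER = re.compile(rb"libpng version (\d+)\.(\d+)\.(\d+)")


def libpng_versions(apk_bytes):
    """Return {path: sorted [(major, minor, patch)]} for each .so under lib/."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for name in apk.namelist():
            if not (name.startswith("lib/") and name.endswith(".so")):
                continue
            data = apk.read(name)
            versions = {tuple(int(p) for p in m.groups()) for m in BANNER.finditer(data)}
            if versions:
                found[name] = sorted(versions)
    return found


def outdated(apk_bytes, fixed=FIXED):
    """Return sorted [(path, version)] for every embedded libpng older than `fixed`."""
    return sorted(
        (path, v)
        for path, versions in libpng_versions(apk_bytes).items()
        for v in versions
        if v < fixed
    )


def build_sample_apk():
    """Constructed sample: a zip laid out like an APK, with fake .so contents."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        # Placeholder library names and version numbers, made up for this example.
        z.writestr("lib/arm64-v8a/libexample_crop.so", b"\x7fELF\0 libpng version 1.6.23 - sample\n\0")
        z.writestr("lib/arm64-v8a/librebuilt.so", b"\x7fELF\0libpng version 1.6.37\0")
        z.writestr("lib/arm64-v8a/libother.so", b"\x7fELF\0no png code here\0")
        z.writestr("classes.dex", b"dex\n035\0")
    return buf.getvalue()


if __name__ == "__main__":
    for path, v in outdated(build_sample_apk()):
        print(f"{path}: libpng {'.'.join(map(str, v))} is older than {'.'.join(map(str, FIXED))}")
```

To check a real build, pass the bytes of the APK file to `outdated()`; a library whose banner string was stripped will not be reported, so an empty result is not proof that no old libpng is present.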