
Critical Security Vulnerability: Outdated libpng 1.6.22 (CVE-2017-12652)

Open Tarun24RN opened this issue 4 months ago • 0 comments

The library is using an outdated version of libpng (1.6.22) through the uCrop dependency, which contains critical security vulnerabilities with a CVSS score of 9.8.

Environment

  • react-native-image-crop-picker version: 0.42.0
  • React Native version: 0.78.2
  • Platform: Android (iOS not affected)
  • Build type: Release/Debug

Vulnerable Library Found:

  • Library: libpng
  • Version: 1.6.22
  • Location: /config.arm64_v8a.apklib/arm64-v8a/libucrop.so
  • CVE: CVE-2017-12652
  • Severity: Critical (CVSS 9.8)

The vulnerability stems from the uCrop library (com.github.yalantis:ucrop) which bundles libpng 1.6.22. The latest safe version is libpng 1.6.32+.

Tarun24RN, Aug 08 '25 08:08