Outdated "libpng" Library Contains Known Security Flaw

[hsa1280]

Hello,

I am using https://github.com/wonday/react-native-pdf for pdf display. This package uses AndroidPdfViewer to handle PDF display on Android. I got this error with secure report: Outdated "libpng" Library Contains Known Security Flaw

The libpng version I am using is 1.6.22.

The recommended fix is to use libpng of 1.6.32 or greater, which version of libpng are you using in your package and when do you plan to upgrade if it is below 1.6.22?

Thank you and looking forward to your reply.

[TalbotGooday]

Hello! Sorry for the long answer. Actually I didn't plan to update anything since I made this fork, migrated to the AndroidX and fixed some crashes. I just don't have enough time to do this. BUT, if you will open a PR here with updated libpng lib I will create an update. Thanks for understanding :sweat_smile:

[hsa1280]

@TalbotGooday Thanks for the reply. Based on this discussions https://github.com/barteksc/AndroidPdfViewer/issues/1023, I realized that it is PDFium uses libpng library. And AndroidPdfViewer use PDFium for decoding PDF files.

I cloned your repo and searched for libpng keyword, no result found. So I have two questions:

1. From your previous comment, I can't find libpng in AndroidPdfViewer, can you please tell me where is it?
2. If libpng is not in AndroidPdfViewer but it is used in PDFium, how can I update libpng?

[amgad-naiem]

@hsa1280 The libpng library is prebuild as libmodpng.so and loaded here

The libmodpng.so files are prebuilt for different architechtures here https://github.com/TalbotGooday/PdfiumAndroid/tree/master/src/main/jni/lib