PdfViewer icon indicating copy to clipboard operation
PdfViewer copied to clipboard

Published 20 hours ago verified publisher icon javacafe01

Potentially vulnerable PDF library used

Open SkewedZeppelin opened this issue 1 year ago • 1 comments

I am going though apps that use old native libraries on F-Droid: https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496/

Your app uses com.github.barteksc:android-pdf-viewer:3.2.0 using PDFium@32b639d from 2016-01-14, which seems to have ~55 known security issues. https://github.com/JavaCafe01/PdfViewer/blob/v3.7/app/build.gradle#L79

Newer versions do not seem to be available.

SkewedZeppelin avatar Aug 02 '22 08:08 SkewedZeppelin

I guess this is the reason app is not to be found on F-droid, thank you for protecting us.

Just for info, looks like pdfium is being developed: https://pdfium.googlesource.com/pdfium/+/refs/heads/main

Just android bindings repo is behind, but there is repo that builds android version from origin/HEAD https://github.com/benjinus/android-support-pdfium

I hope it will not be hard to upgrade now when developer is back with finished college 😁

homoludens avatar Aug 06 '23 08:08 homoludens