UVCAndroid icon indicating copy to clipboard operation
UVCAndroid copied to clipboard
verified publisher icon shiyinghan

Potential Vulnerability in Cloned Code

Open tabudz opened this issue 1 month ago • 0 comments

Summary

Our tool detected a potential vulnerability in libuvccamera/src/main/jni/libjpeg-turbo/jquant1.c which was cloned from libjpeg-turbo/libjpeg-turbo but did not receive the security patch applied in libjpeg-turbo/libjpeg-turbo. The original issue was reported and fixed under https://nvd.nist.gov/vuln/detail/cve-2017-15232.

Proposed Fix

Apply the same patch as the one in libjpeg-turbo/libjpeg-turbo to eliminate the vulnerability.

Reference

https://nvd.nist.gov/vuln/detail/cve-2017-15232 https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb

tabudz avatar Nov 24 '25 07:11 tabudz