Critical Security Vulnerability: Outdated libpng 1.6.22 (CVE-2017-12652)

The library is using an outdated version of libpng (1.6.22) through the uCrop dependency, which contains critical security vulnerabilities with a CVSS score of 9.8.
Environment

react-native-image-crop-picker version: 0.42.0
React Native version: 0.78.2
Platform: Android (iOS not affected)
Build type: Release/Debug

ulnerable Library Found:
- Library: libpng
- Version: 1.6.22
- Location: /config.arm64_v8a.apklib/arm64-v8a/libucrop.so
- CVE: CVE-2017-12652
- Severity: Critical (CVSS 9.8)

The vulnerability stems from the uCrop library (com.github.yalantis:ucrop) which bundles libpng 1.6.22. The latest safe version is libpng 1.6.32+.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Critical Security Vulnerability: Outdated libpng 1.6.22 (CVE-2017-12652) #2186

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Critical Security Vulnerability: Outdated libpng 1.6.22 (CVE-2017-12652) #2186

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions