Description
Hello,
we should update the libpng and zlib sources, which are part of the PDF component, because the currently included versions have several CVEs.
PDF in poco 1.13.3 uses:
- zlib 1.2.3
- libpng 1.2.24

| Severity | Vulnerability Id | CVSS 3 Score | Published |
|---|---|---|---|
| Critical | CVE-2022-37434 | 9,8 | 05.08.2022 |
| Critical | CVE-2010-1205 | 9,8 | 30.06.2010 |
| Critical | CVE-2017-12652 | 9,8 | 10.07.2019 |
| High | CVE-2011-2692 | 8,8 | 17.07.2011 |
| High | CVE-2016-10087 | 7,5 | 30.01.2017 |
| High | CVE-2015-8472 | 7,3 | 21.01.2016 |
| Medium | WS-2020-0368 | 6,5 | 22.02.2020 |
| Medium | CVE-2010-2249 | 6,5 | 30.06.2010 |
| Medium | CVE-2011-2501 | 6,5 | 17.07.2011 |
| Medium | CVE-2011-2691 | 6,5 | 17.07.2011 |
| Medium | CVE-2008-6218 | 5,9 | 20.02.2009 |
| Medium | CVE-2011-3048 | 5,6 | 29.05.2012 |
| Medium | CVE-2011-3045 | 5,6 | 22.03.2012 |
| Medium | CVE-2015-7981 | 5,3 | 24.11.2015 |
| Medium | CVE-2015-2158 | 4,9 | 06.10.2017 |
| Low | CVE-2010-0205 | 3,7 | 03.03.2010 |
| Low | CVE-2008-3964 | 3,7 | 11.09.2008 |
| Low | CVE-2012-3425 | 3,7 | 13.08.2012 |

Maybe libharu 2.2.0 should also be updated.