1. Home
  2. Forum
  3. ASP.NET Core - EJ 2
  4. LibPng Library Security vulnerability.

LibPng Library Security vulnerability.

Hi ,

We have Identified a security issue caused by the libpng versions 1.6.36 ( CVE-2019-7317)
and the syncfusion library we are using for .Net is referencing this DLL I would like to know if the latest version of the syncfusion library 
has fixed this issue and where I can download the latest version of this library .

3 Replies
GM Gangabharathy Murugasen Syncfusion Team March 2, 2020 11:58 AM UTC

HI Francisco, 
We are unclear about your platform and assembly. So kindly revert us with those details to proceed further. 
 
Regards, 
M. Ganga  


FP Francisco Peinad March 2, 2020 06:23 PM UTC

we are using.net library version 15.3.0.29 along with the WebKitHTMLConverter
this contains a folder called QtBinaries inside this folder there is a filed called Zlib1.
this zlib one looks like contain a reference to libpng dll this issue is reported by the tool blackduck.
\
I have attached the file and include the image as reference.

.

Attachment: zlib1_ed8d72eb.zip

PV Prakash Viswanathan Syncfusion Team March 3, 2020 01:59 PM UTC

Hi Francisco, 
 
Thank you for sharing the details.  
 
No, we did face this issue with our HTML converter earlier. And we do not have any immediate plan to update the QtBinaries to the latest version. If it is not possible to use WebKit rendering engine due to this security issue, kindly try our latest Blink rendering engine for the conversion.  
 
Blink rendering engine internally make use of chromium (chrome) executable for the conversion. Blink rendering engine will preserve the PDF document, like the chrome browser rendering. Please refer below link for more information about Blink rendering engine.  
 
 
Please let us know if you need any further assistance on this.  
 
Regards, 
Prakash V 


Loader.
Up arrow icon