Re: Vulnerabilities from Libjpeg 6b and madler-zlib – 1.1.4
In scanning our code and packages, I found no security vulnerabilities, but our MSI installers do show CVEs related to Libjpeg 6b and madler-zlib 1.1.4. These are not dependencies in our code, but, based on some earlier posts, it seems they are dependencies built into our MSI by InstallShield. We are using InstallShield 2020, for reference.
Is there a way to update these dependencies?
If you build an "empty" test installer, i.e. single feature, single component and no files, then use the same tool to scan it, do you still see the same vulnerabilities?
What tool are you using?
What CVEs are being reported?
The scan had been done by a customer and I didn't have access to the scanning tool. Now that I've been able to scan on my own, I've discovered that the versions used in InstallShield are newer and don't have these vulnerabilities - the vulnerabilities came from a different component. Thanks for your help.