This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
simavi
Level 2
‎Nov 09, 2021 05:46 PM

Vulnerabilities from Libjpeg 6b and madler-zlib – 1.1.4

Jump to solution

In scanning our code and packages, I found no security vulnerabilities, but our MSI installers do show CVEs related to Libjpeg 6b and madler-zlib 1.1.4. These are not dependencies in our code, but, based on some earlier posts, it seems they are dependencies built into our MSI by InstallShield. We are using InstallShield 2020, for reference.

Is there a way to update these dependencies?

Labels (1)
Labels
0 Kudos
(1) Solution
shunt
Revenera Moderator Revenera Moderator
Revenera Moderator
‎Nov 10, 2021 01:47 AM

Jump to solution

If you build an "empty" test installer, ie. Single Feature, Single Component and no files. Then use the same tool to scan it - do you still see the same vulnerabilities?
What tool are you using?
What CVE's are being reported?

View solution in original post

0 Kudos
(2) Replies
shunt
Revenera Moderator Revenera Moderator
Revenera Moderator
‎Nov 10, 2021 01:47 AM

Jump to solution

If you build an "empty" test installer, ie. Single Feature, Single Component and no files. Then use the same tool to scan it - do you still see the same vulnerabilities?
What tool are you using?
What CVE's are being reported?

0 Kudos
simavi
Level 2
In response to shunt
‎Nov 12, 2021 01:56 PM

Jump to solution

The scan had been done by a customer and I didn't have access to the scanning tool. Now that I've been able to scan on my own, I've discovered that the versions used in Installshield are newer and don't have these vulnerabilities - the vulnerabilities came from a different component. Thanks for your help.

0 Kudos