simavi
Level 2

Vulnerabilities from Libjpeg 6b and madler-zlib – 1.1.4

In scanning our code and packages, I found no security vulnerabilities, but our MSI installers do show CVEs related to Libjpeg 6b and madler-zlib 1.1.4. These are not dependencies in our code, but, based on some earlier posts, it seems they are dependencies built into our MSI by InstallShield. We are using InstallShield 2020, for reference.

Is there a way to update these dependencies?

1 Solution
shunt
Revenera Moderator

If you build an "empty" test installer, i.e. Single Feature, Single Component and no files, and then use the same tool to scan it, do you still see the same vulnerabilities?
What tool are you using?
What CVEs are being reported?

The scan had been done by a customer and I didn't have access to the scanning tool. Now that I've been able to scan on my own, I've discovered that the versions used in InstallShield are newer and don't have these vulnerabilities - the vulnerabilities came from a different component. Thanks for your help.