Potentially vulnerable PDF library used #28
Comments
|
@SkewedZeppelin yes, I know about the security issue, and I'm searching a new library which can replace the current one, with same performance of opening and viewing. Can you suggest something? |
|
Up-to-date versions of MuPDF, iTextPDF, and PDFBox are options, although I haven't implemented them and wouldn't know their features or performance characteristics. |
|
@SkewedZeppelin Thanks! I'll see about those and try something 😄 |
|
Wondered what the progress is with the fixing of this bug. I really like this app and would love for it to be safe to use again. |
|
@AxeldeWater Hi! Sorry for the waiting |
|
@Sav22999 any news? last version still vulnerable? |
|
@f242 I'm looking for, I was trying to implement with muPdF (or similar) but it's complicated |
|
Not going to lie, reading the app description and title going about how safe the app is adds a touch of irony (and confusion) when one sees the security alert on the bottom |
|
F-Droid will remove your app via the above commit. Not because it is unsafe - that is not an issue - but because the Pdfium library is not built from source. And unfortunately this seems impossible with a simple build process... We managed to build from source, but it is too complex to understand. See |
|
What a shitshow... Also, removing an app from the store without warning the users may lead to users blindly think their app are updated by the store and feel safe, while they aren't anymore... |
|
+8 months and no change? :( |
|
New release: https://github.com/Sav22999/sav-pdf-viewer-pro/releases/tag/1.13.2 without fixing this? |
|
@yozachar To fix this issue it's required to replace the PDF library. I tried some others but I continue to prefer this (the other libraries are slower or doesn't have some features). I'm continuing, anyway, to look for a new open source library. I'm sorry. |
|
If it helps, I found this fork of the library used in this project, the fork has been updated, text search and other functions have been implemented. https://github.com/TEA-ebook/AndroidPdfViewer Could someone try? Having text search as well would be very helpful |
|
@gigisforza70 Thank you very much. I'll see it asap 💪👍 |
|
|
pdfium is not built from source by lion1988dev either, which was the reason for F-Droid to remove the app. |
|
@woheller69 |
|
For MjPdf wie managed to build pdfium from source but F-Droid does not like the build tools required. See link above. |
I am going though apps that use old native libraries on F-Droid: https://gitlab.com/fdroid/fdroiddata/-/merge_requests/11496/
Your app uses com.github.barteksc:android-pdf-viewer:2.8.2 using PDFium@32b639d from 2016-01-14, which seems to have ~55+ known security issues.
https://github.com/Sav22999/sav-pdf-viewer-pro/blob/1.9/app/build.gradle#L54
This was mentioned in #12, #20, and #25 but closed.
Newer versions do not seem to be available.
The text was updated successfully, but these errors were encountered: