<html> <head> <base href="https://bugs.freedesktop.org/"> </head> <body><table border="1" cellspacing="0" cellpadding="8"> <tr> <th>Bug ID</th> <td><a class="bz_bug_link bz_status_NEW " title="NEW - CxImage component needs update" href="https://bugs.freedesktop.org/show_bug.cgi?id=97628">97628</a> </td> </tr> <tr> <th>Summary</th> <td>CxImage component needs update </td> </tr> <tr> <th>Product</th> <td>Spice </td> </tr> <tr> <th>Version</th> <td>unspecified </td> </tr> <tr> <th>Hardware</th> <td>Other </td> </tr> <tr> <th>OS</th> <td>Windows (All) </td> </tr> <tr> <th>Status</th> <td>NEW </td> </tr> <tr> <th>Severity</th> <td>normal </td> </tr> <tr> <th>Priority</th> <td>medium </td> </tr> <tr> <th>Component</th> <td>win32 agent </td> </tr> <tr> <th>Assignee</th> <td>spice-bugs@lists.freedesktop.org </td> </tr> <tr> <th>Reporter</th> <td>fziglio@redhat.com </td> </tr></table> <p> <div> <pre>We are still relaying on CxImage to copy from/to the clipboard. Beside we use very few features/formats of this library (basically Windows handle from/to raw bmp/png) we are still using version 6.00. There are some problems with this version, mostly that the zlib and libpng versions used are obsolete containing security vulnerability in it. It's not a big issue unless you connect to a malicious server which send some specific crafted images. One problem is that even the last version (7.02) use old versions of these libraries.</pre> </div> </p> <hr> <span>You are receiving this mail because:</span> <ul> <li>You are the assignee for the bug.</li> </ul> </body> </html>