CVE-2015-8540, libcef.dll in 113.0.5672.129 version.

Postby xiexl1 » Tue Jun 27, 2023 1:20 am

I downloaded cef_binary_113.3.5+g0b33855+chromium-113.0.5672.129_windows64 from "https://cef-builds.spotifycdn.com/cef_binary_113.3.5%2Bg0b33855%2Bchromium-113.0.5672.129_windows64.tar.bz2".
I scanned libcef.dll with Blackduck, and it found libpng 1.2.13.
So I downloaded the 5672 branch source code of Chromium with depot_tools.

1) Download script below:
Code:
set CEF_USE_GN=1
set GN_DEFINES=is_official_build=true
set GN_ARGUMENTS=--ide=vs2019 --sln=cef --filters=//cef/*
python ..\automate\automate-git.py --download-dir=d:\code\chromium_git --depot-tools-dir=d:\code\depot_tools --no-distrib --no-build --no-depot-tools-update --branch=5672 --force-clean --force-update


2) Use the script to generate the CEF solution.
Code:
set GN_DEFINES=is_official_build=true is_component_build=false
rem Use vs2017 or vs2019 as appropriate.
set GN_ARGUMENTS=--ide=vs2019 --sln=cef --filters=//cef/*
call cef_create_projects.bat


3) ninja -C out\Release_GN_x64 cef and ninja -C out\Debug_GN_x64 cef
4) make_distrib.bat --ninja-build --x64-build
All steps worked well.
I got libcef.dll and scanned it with Blackduck. It also found libpng 1.2.13. It is so strange.
I checked the libpng version in "code\chromium_git\chromium\src\third_party\libpng". The version is 1.6.37.
So I don't know why libcef links libpng 1.2.13.
How can I resolve it?
xiexl1
Newbie
 
Posts: 2
Joined: Tue Jun 27, 2023 12:49 am

Re: CVE-2015-8540, libcef.dll in 113.0.5672.129 version.

Postby magreenblatt » Tue Jun 27, 2023 3:45 am

Sounds like Blackduck scan is wrong.
magreenblatt
Site Admin
 
Posts: 12409
Joined: Fri May 29, 2009 6:57 pm

Re: CVE-2015-8540, libcef.dll in 113.0.5672.129 version.

Postby xiexl1 » Tue Jun 27, 2023 3:57 am

I once did another compile:

1) Download script below:
Code:
set CEF_USE_GN=1
set GN_DEFINES=is_component_build=true
set GN_ARGUMENTS=--ide=vs2019 --sln=cef --filters=//cef/*
python ..\automate\automate-git.py --download-dir=d:\code\chromium_git --depot-tools-dir=d:\code\depot_tools --no-distrib --no-build --no-depot-tools-update --branch=5672 --force-clean --force-update



2) Use the script to generate the CEF solution.
Code:
set GN_DEFINES=is_component_build=true
rem Use vs2017 or vs2019 as appropriate.
set GN_ARGUMENTS=--ide=vs2019 --sln=cef --filters=//cef/*
call cef_create_projects.bat



3) ninja -C out\Release_GN_x64 cef and ninja -C out\Debug_GN_x64 cef
All steps worked well.
I scanned all the DLLs in "code\chromium_git\chromium\src\out\Release_GN_x64" with Blackduck, and CVE-2015-8540 was gone. Blackduck could not find libpng 1.2.13.
So I think maybe some module links libpng 1.2.13 because of the "is_official_build=true" parameter.
xiexl1
Newbie
 
Posts: 2
Joined: Tue Jun 27, 2023 12:49 am

Re: CVE-2015-8540, libcef.dll in 113.0.5672.129 version.

Postby magreenblatt » Tue Jun 27, 2023 4:10 am

So I think maybe some module links libpng 1.2.13 because of the "is_official_build=true" parameter.

That would not change the libpng version.
magreenblatt
Site Admin
 
Posts: 12409
Joined: Fri May 29, 2009 6:57 pm
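
One way to cross-check a scanner's libpng finding against the binary itself, as an added example (not code from this thread or from the CEF project): libpng's png.h defines a version banner of the form " libpng version X.Y.Z - <date>", and the script below lists every such banner in a file and compares it with the reported version (1.2.13) and the source-tree version (1.6.37). It assumes the banner survived linking; the function names and the sample bytes are constructed for illustration.

```python
import mmap
import re
import sys

# libpng's png.h defines PNG_HEADER_VERSION_STRING as
# " libpng version X.Y.Z - <release date>"; match that banner.
BANNER = re.compile(rb"libpng version (\d+\.\d+\.\d+)")

def find_banners(buf):
    """Map each libpng version found in buf to the offsets of its banners."""
    found = {}
    for m in BANNER.finditer(buf):
        found.setdefault(m.group(1).decode("ascii"), []).append(m.start())
    return found

def triage(found, reported, expected):
    """Compare the scanner's reported version with what the binary embeds."""
    if reported in found:
        return "confirmed"          # the reported version's banner is present
    if expected in found:
        return "not-corroborated"   # only the source-tree version is present
    return "inconclusive"           # banner stripped; strings cannot decide

def scan_file(path):
    """Scan a large binary through mmap instead of reading it into memory."""
    with open(path, "rb") as fh, \
            mmap.mmap(fh.fileno(), 0, access=mmap.ACCESS_READ) as mm:
        return find_banners(mm)

# Constructed sample standing in for a slice of a DLL's read-only data.
SAMPLE = (b"\x00\x01MZ\x90" + b"\x00" * 16
          + b" libpng version 1.6.37 - April 14, 2019\n\x00"
          + b"\xff" * 8 + b"libpng version 1.6.37\x00")

if __name__ == "__main__":
    # Pass a path (hypothetical usage: python script.py libcef.dll) or run
    # without arguments to scan the constructed sample.
    found = scan_file(sys.argv[1]) if len(sys.argv) > 1 else find_banners(SAMPLE)
    for version, offsets in sorted(found.items()):
        print(version, [hex(o) for o in offsets])
    # 1.2.13: version reported by the scanner; 1.6.37: version in the source tree.
    print(triage(found, reported="1.2.13", expected="1.6.37"))
```

An "inconclusive" result only means the linker dropped the banner strings, so the string search cannot decide either way.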

