ITK libpng version

Fijoy_Vadakkumpadan · March 9, 2020, 2:48pm

Hello,

What version of libpng does ITK use?

I’m trying to resolve the (security) vulnerabilities associated with libpng by updating ITK to the latest version. But looking at the source (Modules/ThirdParty/PNG/itkpng/pngconf.h), both for the ITK version I currently have (4.10.1) and the latest version (5.0.1), it seems ITK has been using libpng version 1.6.9 from 2014. Can someone confirm? If yes, are there any plans to update the underlying libpng version to the latest (1.6.37) which has no known vulnerabilities?

Thanks.

dzenanz · March 9, 2020, 3:15pm

There is an update script for libPNG, I am executing it now.

dzenanz · March 9, 2020, 4:00pm

I manually resolved minor merge conflicts. I tried compiling and running PNG IO unit tests in Debug mode and all was fine. PR1689.