I use a program, called Secunia Software Inspector, that monitors executables installed on my computer for obsolescence and security vulnerabilities (it alerts me whenever an executable's version number has been supplanted by an update and/or if the installed version has been reported to Secunia's website as having security vulnerabilities).
Recently, it started reporting that the version of the file compression library, zlib.dll, installed with SVCD2DVD, was a security risk. I researched it and found out that, indeed, zLib had been updated to fix some security flaws -- way back in 2005 -- but that SVCD2DVD was using a previous version of the runtime (the latest version is 1.2.3). I imagine I've been using what was an insecure version of it all along; it's only that the Secunia Software Inspector just recently added zlib.dll to its database of files to check.
It's unlikely that having the file isolated in SVCD2DVD's installation folder, where it wouldn't be prone to access by anything other than SVCD2DVD itself (which would hardly be exploiting any security risks in the zLib library), would ever lead to any practical security risk, but -- just to get the warning messages from the Software Inspector to go away -- I thought I should try to update it. I went to the main zLib website (http://www.zlib.net), found a link there (http://www.winimage.com/zLibDll) to an updated, pre-compiled Windows version of the library (zlibwapi.dll), renamed it and replaced the zlib.dll file in SVCD2DVD's installation folder. Knowing that pre-compiled versions of open source, non-native Windows components can differ greatly -- and not always work -- I did a couple of test runs and nothing seems to be amiss with SVCD2DVD's ability to perform as expected.
I just thought the author ought to know of the issue so he might use the latest build of zLib in the next update of SVCD2DVD.
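Added example, not part of the original post and not code from SVCD2DVD or Secunia: a way to check which zlib build a folder's binaries actually contain, by reading the `deflate`/`inflate` copyright banner that zlib compiles into the library. It assumes the 1.2.3 baseline named in the post (the `BASELINE` constant and function names are this example's own), and it also catches copies statically linked into an .exe, which a file-name check on zlib.dll would miss.

```python
import re
import sys
from pathlib import Path

# zlib compiles its copyright banners into the binary, e.g.
# " deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly ".
BANNER = re.compile(rb"(?:deflate|inflate) (\d+(?:\.\d+){1,3})\S* Copyright")

# Assumption: the version the post names as the fixed release.
# Raise it when auditing against a newer zlib release.
BASELINE = (1, 2, 3)


def embedded_zlib_versions(data: bytes) -> set[str]:
    """Return every zlib version string found in a binary image."""
    return {m.group(1).decode("ascii") for m in BANNER.finditer(data)}


def is_outdated(version: str, baseline: tuple = BASELINE) -> bool:
    """Compare dotted versions numerically, so 1.2.10 sorts above 1.2.3."""
    return tuple(int(p) for p in version.split(".")) < baseline


def scan(folder: Path) -> list[tuple[Path, str, bool]]:
    """List (file, version, outdated) for each DLL/EXE embedding zlib."""
    findings = []
    for path in sorted(folder.rglob("*")):
        if path.suffix.lower() not in {".dll", ".exe"} or not path.is_file():
            continue
        try:
            data = path.read_bytes()
        except OSError:
            continue  # locked or unreadable file: skip rather than abort
        for version in sorted(embedded_zlib_versions(data)):
            findings.append((path, version, is_outdated(version)))
    return findings


if __name__ == "__main__":
    # Usage: python zlib_scan.py "<application install folder>"
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    for path, version, outdated in scan(root):
        print(f"{'OUTDATED' if outdated else 'ok':8} zlib {version:8} {path}")
```

Running it before and after swapping the DLL confirms that the replacement file really carries the newer version rather than just a new name.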