Request for Component Version and Vulnerability Impact Analysis – Aspose.PDF for .NET

Hi Aspose Team,

Our Software Composition Analysis tool detects ‘libwebp’ library in Aspose.PDF for .NET dll.
There are a few High and Medium severity vulnerabilities reported on this library.

image.png (54.2 KB)

As per Aspose.PDF for .NET SBOM it is not directly used. However, there could be chances it might have been indirectly used by transitive dependencies.

Does Aspose use any Software Composition Analysis tool/Binary analysis tool to analyze vulnerabilities in direct/transitive dependencies used in the component?
Could you please check and confirm the usage of ‘libwebp’ in Aspose and whether it is detected in the Binary analysis scan? Would it be possible to share the Software Composition Analysis/Binary Analysis report?

Thanks for the clarification.

@SAMfulfillment

Hello,

Thank you for your inquiry regarding the usage of the ‘libwebp’ library in Aspose.PDF for .NET and the associated vulnerabilities.

Aspose is committed to software composition analysis and utilizes various tools to assess both direct and transitive dependencies for vulnerabilities. For the most accurate and detailed information regarding the specific usage of ‘libwebp’ and any related binary analysis reports, I recommend contacting our support team directly.

Please reach out to our support team through the official Aspose support channels for further assistance.

Best regards!