Wu Shuyi, Chen Bihuan, Wang Ying, Zhao Wenyun. C/C++ THIRD PARTY LIBRARY'S VULNERABILITY IMPACT ANALYSIS METHOD BASED ON CALL GRAPH ANALYSIS [J]. Computer Applications and Software, 2025, 42(6): 43-51. DOI: 10.3969/j.issn.1000-386x.2025.06.006

C/C++ THIRD PARTY LIBRARY'S VULNERABILITY IMPACT ANALYSIS METHOD BASED ON CALL GRAPH ANALYSIS

To eliminate the false positives caused by the coarse-grained impact analysis of existing software component analysis tools, a C/C++ third party library (TPL) vulnerability impact analysis method based on call graph analysis is proposed. The method evaluates the impact of a TPL vulnerability by checking whether the vulnerable TPL code is reachable through the call graph of the software, which provides a fine-grained, method-level and accurate TPL vulnerability impact analysis. The experiments show that the method achieves a precision of 94% and a recall of 77%, and removes 80% of the false positives caused by coarse-grained impact analysis.
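The contrast between a component-level verdict and a call-graph reachability verdict, as an added illustration that is not code from the paper: the call graph, the function names and the vulnerability identifiers below are all constructed, and "reachable from the program entry point" stands in for the paper's reachability check.

```python
from collections import deque

# Constructed sample call graph: caller -> callees. "app::" nodes belong to the
# analysed software, "tpl::" nodes to a third-party library. All names are hypothetical.
CALL_GRAPH = {
    "app::main": ["app::load_config", "app::serve", "tpl::init"],
    "app::load_config": ["tpl::parse_ini"],
    "app::serve": ["tpl::http_read", "app::handle"],
    "app::handle": ["tpl::json_parse"],
    "app::legacy_export": ["tpl::compress"],   # dead code: never reached from main
    "tpl::init": [],
    "tpl::parse_ini": ["tpl::strdup_unsafe"],
    "tpl::http_read": [],
    "tpl::json_parse": [],
    "tpl::compress": ["tpl::deflate_block"],
    "tpl::strdup_unsafe": [],
    "tpl::deflate_block": [],
}

# Constructed advisory data (placeholder ids): vulnerability -> affected TPL functions.
VULNS = {
    "VULN-A": {"tpl::strdup_unsafe"},   # reachable from main
    "VULN-B": {"tpl::deflate_block"},   # only reachable from dead code
    "VULN-C": {"tpl::unused_api"},      # affected function never compiled in at all
}

def reachable(graph, entry_points):
    """Every function reachable from the entry points by walking the call graph (BFS)."""
    seen, queue = set(entry_points), deque(entry_points)
    while queue:
        fn = queue.popleft()
        for callee in graph.get(fn, []):
            if callee not in seen:
                seen.add(callee)
                queue.append(callee)
    return seen

def coarse_grained_impact(graph, vulns):
    """Component-level verdict: report every vulnerability of any TPL the software calls into."""
    used_libs = {fn.split("::")[0] for callees in graph.values() for fn in callees}
    return {v for v, fns in vulns.items() if any(f.split("::")[0] in used_libs for f in fns)}

def fine_grained_impact(graph, vulns, entry_points=("app::main",)):
    """Method-level verdict: report a vulnerability only if an affected function is reachable."""
    reach = reachable(graph, entry_points)
    return {v for v, fns in vulns.items() if fns & reach}
```

Here the coarse verdict flags all three vulnerabilities while the reachability verdict keeps only VULN-A, so two of the three coarse findings are false positives.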
