Android: Removing OpenCV older version will resolve Libpng Vulnerability warning?

libpng android-security

Solution 1:

The vulnerable version of libpng in OpenCV 2.4.x was updated in OpenCV 2.4.13.1.
It can be downloaded from here.

As @Simon says, OpenCV 3.x is not affected.

More info: #6694 OpenCV 2.x uses vulnerable version of libpng

Solution 2:

Yes, now confirmed with Google: Updating to 3.1.0 will fix the issue - I've upgraded one of my apps to 3.1.0, and while there's a bit of a bug in Google's detection of this vulnerability, I've had confirmation from a support representative that the new version is not vulnerable to this issue.

--

Previous answer:

No - I've upgraded to 3.1.0 and still get the warning. Edit: see below for update

The OpenCV Android SDK hasn't been updated since December 2015, so hopefully a newer version this year will use a fixed version of libpng.

Edit: some odd behaviour on Google Play, and some digging into the version of libpng that that OpenCV 3.1.0 uses leads me to think that 3.1.0 is not vulnerable. I updated my app and the vulnerability warning was still there (with its warning text updated to the new APK version number). Now, however, Google Play has dismissed the alert, though it still confusingly refers to the new version as vulnerable.

Related

Rotate line around center point given two vertices
how to do autocomplete="off" at form level in JSF
How can I make GCC compile the .text section as writable in an ELF binary?
Trait implementation for both a trait object and for direct implementors of the trait
How to use graphics.h in codeblocks?
Detecting client disconnect in tomcat servlet?
convert iso date to timestamp in mongo query
getting a checkbox array value from POST
cx_Freeze converted GUI-app (tkinter) crashes after pressing plot button
MVC 4 how pass data correctly from controller to view
Retrieve current Windows user in Java EE web application for Single Sign On purposes
Can Swift return value from an async Void-returning block?