Android: Removing OpenCV older version will resolve Libpng Vulnerability warning?

前端 未结 2 954
一整个雨季
一整个雨季 2020-11-28 12:59

I got an email from Google play store regarding - \"Google Play warning: You are using a vulnerable version of libpng\".

Email contains the below information - http

相关标签:
2条回答
  • 2020-11-28 13:30

    The vulnerable version of libpng in OpenCV 2.4.x was updated in OpenCV 2.4.13.1.
    It can be downloaded from here.

    As @Simon says, OpenCV 3.x is not affected.

    More info: #6694 OpenCV 2.x uses vulnerable version of libpng

    0 讨论(0)
  • 2020-11-28 13:48

    Yes, now confirmed with Google: Updating to 3.1.0 will fix the issue - I've upgraded one of my apps to 3.1.0, and while there's a bit of a bug in Google's detection of this vulnerability, I've had confirmation from a support representative that the new version is not vulnerable to this issue.

    --

    Previous answer:

    No - I've upgraded to 3.1.0 and still get the warning. Edit: see below for update

    The OpenCV Android SDK hasn't been updated since December 2015, so hopefully a newer version this year will use a fixed version of libpng.

    Edit: some odd behaviour on Google Play, and some digging into the version of libpng that that OpenCV 3.1.0 uses leads me to think that 3.1.0 is not vulnerable. I updated my app and the vulnerability warning was still there (with its warning text updated to the new APK version number). Now, however, Google Play has dismissed the alert, though it still confusingly refers to the new version as vulnerable.

    0 讨论(0)
提交回复
热议问题