I got an email from Google play store regarding - "Google Play warning: You are using a vulnerable version of libpng".
Email contains the below information - https://support.google.com/faqs/answer/7011127
I didn't use libpng library in my application anywhere. But, In my android application, I am using the OpenCV2.4.5 library. After searching in the internet, I came to know that the OpenCV library uses the libpng.
My question - The upgrading of OpenCV2.4.5 to OpenCV3.1.0 will resolve "vulnerable version of libpng" warning?
Yes, now confirmed with Google: Updating to 3.1.0 will fix the issue - I've upgraded one of my apps to 3.1.0, and while there's a bit of a bug in Google's detection of this vulnerability, I've had confirmation from a support representative that the new version is not vulnerable to this issue.
--
Previous answer:
No - I've upgraded to 3.1.0 and still get the warning. Edit: see below for update
The OpenCV Android SDK hasn't been updated since December 2015, so hopefully a newer version this year will use a fixed version of libpng.
Edit: some odd behaviour on Google Play, and some digging into the version of libpng that that OpenCV 3.1.0 uses leads me to think that 3.1.0 is not vulnerable. I updated my app and the vulnerability warning was still there (with its warning text updated to the new APK version number). Now, however, Google Play has dismissed the alert, though it still confusingly refers to the new version as vulnerable.
The vulnerable version of libpng in OpenCV 2.4.x was updated in OpenCV 2.4.13.1.
It can be downloaded from here.
As @Simon says, OpenCV 3.x is not affected.
More info: #6694 OpenCV 2.x uses vulnerable version of libpng
来源:https://stackoverflow.com/questions/37875685/android-removing-opencv-older-version-will-resolve-libpng-vulnerability-warning