Janpan Janpan - 8 months ago 148
Android Question

Android libpng security vulnerability

I have submitted my release apk to the Google Play console, however it was rejected due to a libpng security vulnerability. I have a couple of libraries I use in my app. How do I know which of these uses libpng ?

I am using android studio.


I am not using OpenCV as a library !

These are my dependencies in my build.gradle file :

dependencies {
compile fileTree(dir: 'libs', include: ['*.jar'])
testCompile 'junit:junit:4.12'
compile 'com.android.support:appcompat-v7:23.4.0'
compile 'com.android.support:support-v4:23.4.0'
compile 'com.android.support:design:23.4.0'
compile 'com.android.support:cardview-v7:23.4.0'
compile 'com.android.support:recyclerview-v7:23.4.0'
compile files('libs/sdk-v1.0.0.jar')
compile(name: 'pen-v4.1.0_full', ext: 'aar')
compile 'com.journeyapps:zxing-android-embedded:3.2.0@aar'
compile 'com.google.zxing:core:3.2.1'
compile files('libs/gson-2.3.jar')
compile files('libs/httpclient-4.4.jar')
compile files('libs/httpcore-4.4.jar')
compile files('libs/httpmime-4.3.6.jar')

Let me ask my question again:

How do I know which of these libraries uses libpng ?

Thanks in advance !


Use strings <youlibrary>.so | grep png. If you see output full of png_set_*, png_write_*, png_image_* - that library uses libpng.