OpenCV 2.x uses vulnerable version of libpng #6694
Labels
Comments
simonrob
changed the title
Merged
|
opencv manager App on play store needs to be updated, too, i guess |
|
OpenCV 2.4.x Android SDK has been updated: |
|
(@alalek) This is not related to OpenCV and will not help with original problem https://github.com/sofensymbole/Libpng-1.6.23 Try this link , it is created to remove vulnerability of libpng. app sucessfully uploaded by use of it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
OpenCV 2.x (or at least the Android SDK version) uses a vulnerable version of libpng. Any applications uploaded to Google Play are given a warning and directed to this page: https://support.google.com/faqs/answer/7011127
The vulnerability in question is https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8540, which stems from an out-of-bounds memory access that could potentially lead to code execution Versions 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19 and 1.5.x before 1.5.26 are affected.
Google is going to block apps using vulnerable versions of libpng after 17 Sep 2016.
The text was updated successfully, but these errors were encountered: