TechQA.

Libpng vulnerability issue

465 views Asked by At

Hi I'm using the following dependencies in my project Gradle and I have update all the packages so far but every time after uploading google play console rejecting my app saying Libpng vulnerability issue. 

compile fileTree(dir: 'libs', include: ['*.jar'])
compile 'com.android.support:appcompat-v7:25.1.0'
compile 'com.android.support:support-v4:25.1.0'
compile 'com.jpardogo.materialtabstrip:library:1.1.0'
compile 'com.google.android.gms:play-services-location:10.0.1'
compile 'com.google.android.gms:play-services:10.0.1'
compile 'com.fasterxml.jackson.core:jackson-databind:2.8.5'
compile 'com.squareup.okhttp:okhttp:2.4.0'
compile files('src/libs/xmlpull_1.1.3.1.jar')
compile 'com.google.code.gson:gson:2.4'
compile project(':nikon_lib')
compile project(':hgrid_lib')
compile 'com.squareup.picasso:picasso:2.5.2'
compile 'com.amazonaws:aws-android-sdk-core:2.3.8'
compile 'com.amazonaws:aws-android-sdk-cognito:2.3.8'
compile 'com.amazonaws:aws-android-sdk-s3:2.3.8'
compile 'com.amazonaws:aws-android-sdk-ddb:2.3.8'
compile 'com.github.bumptech.glide:glide:3.7.0'
compile 'jp.wasabeef:glide-transformations:2.0.1'
compile 'com.android.support:multidex:1.0.1'
compile('com.crashlytics.sdk.android:crashlytics:2.6.5@aar') {
transitive = true;
}

After running the Gradle dependency script ./gradlew app:dependencies I got the tree structure which I have shown below but still I couldn't find what dependency is using Libpng library

|    +--- com.google.android.gms:play-services-analytics:10.0.1
|    |    +--- com.google.android.gms:play-services-analytics-impl:10.0.1
|    |    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    |    \--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-tagmanager-v4-impl:10.0.1
|    |         +--- com.google.android.gms:play-services-analytics-impl:10.0.1 (*)
|    |         +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |         \--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    +--- com.google.android.gms:play-services-analytics-impl:10.0.1 (*)
|    +--- com.google.android.gms:play-services-appinvite:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-tasks:10.0.1 (*)
|    +--- com.google.android.gms:play-services-auth:10.0.1
|    |    +--- com.google.android.gms:play-services-auth-base:10.0.1
|    |    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    |    \--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-tasks:10.0.1 (*)
|    +--- com.google.android.gms:play-services-auth-base:10.0.1 (*)
|    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    +--- com.google.android.gms:play-services-cast-framework:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-cast:10.0.1
|    |    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    |    \--- com.android.support:mediarouter-v7:24.0.0
|    |    |         +--- com.android.support:palette-v7:24.0.0
|    |    |         |    \--- com.android.support:support-v4:24.0.0 -> 25.1.0 (*)
|    |    |         \--- com.android.support:appcompat-v7:24.0.0 -> 25.1.0 (*)
|    |    \--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    +--- com.google.android.gms:play-services-cast:10.0.1 (*)
|    +--- com.google.android.gms:play-services-clearcut:10.0.1 (*)
|    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    +--- com.google.firebase:firebase-config:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    +--- com.google.firebase:firebase-iid:10.0.1
|    |    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    |    \--- com.google.firebase:firebase-common:10.0.1
|    |    |         +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    |         \--- com.google.android.gms:play-services-tasks:10.0.1 (*)
|    |    +--- com.google.firebase:firebase-common:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-tasks:10.0.1 (*)
|    +--- com.google.android.gms:play-services-awareness:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-location:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-places:10.0.1
|    |         +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |         +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |         +--- com.google.android.gms:play-services-maps:10.0.1
|    |         |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |         |    \--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |         \--- com.google.android.gms:play-services-tasks:10.0.1 (*)
|    +--- com.google.firebase:firebase-crash:10.0.1
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    +--- com.google.firebase:firebase-iid:10.0.1 (*)
|    |    +--- com.google.firebase:firebase-common:10.0.1 (*)
|    |    \--- com.google.firebase:firebase-analytics:10.0.1
|    |         +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |         +--- com.google.firebase:firebase-common:10.0.1 (*)
|    |         \--- com.google.firebase:firebase-analytics-impl:10.0.1
|    |              +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |              +--- com.google.firebase:firebase-iid:10.0.1 (*)
|    |              \--- com.google.firebase:firebase-common:10.0.1 (*)
|    +--- com.google.android.gms:play-services-drive:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    +--- com.google.firebase:firebase-auth:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    +--- com.google.firebase:firebase-common:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-tasks:10.0.1 (*)
|    +--- com.google.firebase:firebase-database-connection:10.0.1
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    \--- com.google.firebase:firebase-common:10.0.1 (*)
|    +--- com.google.firebase:firebase-database:10.0.1
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    +--- com.google.firebase:firebase-database-connection:10.0.1 (*)
|    |    +--- com.google.firebase:firebase-common:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-tasks:10.0.1 (*)
|    +--- com.google.firebase:firebase-iid:10.0.1 (*)
|    +--- com.google.firebase:firebase-messaging:10.0.1
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    +--- com.google.firebase:firebase-iid:10.0.1 (*)
|    |    \--- com.google.firebase:firebase-common:10.0.1 (*)
|    +--- com.google.firebase:firebase-storage:10.0.1
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    +--- com.google.firebase:firebase-storage-common:10.0.1
|    |    |    \--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    +--- com.google.firebase:firebase-common:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-tasks:10.0.1 (*)
|    +--- com.google.firebase:firebase-storage-common:10.0.1 (*)
|    +--- com.google.firebase:firebase-common:10.0.1 (*)
|    +--- com.google.android.gms:play-services-fitness:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-location:10.0.1 (*)
|    +--- com.google.android.gms:play-services-games:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-drive:10.0.1 (*)
|    +--- com.google.android.gms:play-services-gass:10.0.1 (*)
|    +--- com.google.android.gms:play-services-gcm:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-iid:10.0.1
|    |         +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |         \--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    +--- com.google.firebase:firebase-appindexing:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    +--- com.google.firebase:firebase-common:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-tasks:10.0.1 (*)
|    +--- com.google.android.gms:play-services-identity:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    +--- com.google.android.gms:play-services-iid:10.0.1 (*)
|    +--- com.google.android.gms:play-services-instantapps:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    +--- com.google.android.gms:play-services-location:10.0.1 (*)
|    +--- com.google.android.gms:play-services-maps:10.0.1 (*)
|    +--- com.google.firebase:firebase-analytics:10.0.1 (*)
|    +--- com.google.firebase:firebase-analytics-impl:10.0.1 (*)
|    +--- com.google.android.gms:play-services-nearby:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    +--- com.google.android.gms:play-services-panorama:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    +--- com.google.android.gms:play-services-places:10.0.1 (*)
|    +--- com.google.android.gms:play-services-plus:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    +--- com.google.android.gms:play-services-safetynet:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-tasks:10.0.1 (*)
|    +--- com.google.android.gms:play-services-tagmanager-api:10.0.1
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    \--- com.google.firebase:firebase-analytics:10.0.1 (*)
|    +--- com.google.android.gms:play-services-tagmanager:10.0.1
|    |    +--- com.google.android.gms:play-services-analytics-impl:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-tagmanager-api:10.0.1 (*)
|    +--- com.google.android.gms:play-services-tagmanager-v4-impl:10.0.1 (*)
|    +--- com.google.android.gms:play-services-tasks:10.0.1 (*)
|    +--- com.google.android.gms:play-services-vision:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    +--- com.google.android.gms:play-services-wallet:10.0.1
|    |    +--- com.google.android.gms:play-services-base:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-basement:10.0.1 (*)
|    |    +--- com.google.android.gms:play-services-identity:10.0.1 (*)
|    |    \--- com.google.android.gms:play-services-maps:10.0.1 (*)
|    \--- com.google.android.gms:play-services-wearable:10.0.1
|         +--- com.google.android.gms:play-services-base:10.0.1 (*)
|         \--- com.google.android.gms:play-services-basement:10.0.1 (*)
+--- com.fasterxml.jackson.core:jackson-databind:2.8.5
|    +--- com.fasterxml.jackson.core:jackson-annotations:2.8.0
|    \--- com.fasterxml.jackson.core:jackson-core:2.8.5
+--- com.squareup.okhttp:okhttp:2.4.0
|    \--- com.squareup.okio:okio:1.4.0
+--- com.google.code.gson:gson:2.4
+--- project :nikon_lib
|    \--- com.android.support:support-v4:25.1.0 (*)
+--- project :hgrid_lib
+--- com.squareup.picasso:picasso:2.5.2
+--- com.amazonaws:aws-android-sdk-core:2.3.8
|    \--- com.google.code.gson:gson:2.2.4 -> 2.4
+--- com.amazonaws:aws-android-sdk-cognito:2.3.8
|    \--- com.amazonaws:aws-android-sdk-core:2.3.8 (*)
+--- com.amazonaws:aws-android-sdk-s3:2.3.8
|    \--- com.amazonaws:aws-android-sdk-core:2.3.8 (*)
+--- com.amazonaws:aws-android-sdk-ddb:2.3.8
|    \--- com.amazonaws:aws-android-sdk-core:2.3.8 (*)
+--- com.github.bumptech.glide:glide:3.7.0
+--- jp.wasabeef:glide-transformations:2.0.1
|    \--- com.github.bumptech.glide:glide:3.7.0
+--- com.android.support:multidex:1.0.1
\--- com.crashlytics.sdk.android:crashlytics:2.6.5
+--- com.crashlytics.sdk.android:beta:1.2.2
|    \--- io.fabric.sdk.android:fabric:1.3.13 -> 1.3.14
+--- com.crashlytics.sdk.android:crashlytics-core:2.3.14
|    +--- com.crashlytics.sdk.android:answers:1.3.10
|    |    \--- io.fabric.sdk.android:fabric:1.3.14
|    \--- io.fabric.sdk.android:fabric:1.3.14
+--- com.crashlytics.sdk.android:answers:1.3.10 (*)
  \--- io.fabric.sdk.android:fabric:1.3.14
android libpng android-security
Original Q&A
2

There are 2 answers

4
JP Ventura On

Assuming you are inside your project directory and the Android application directory is named app, run the command:

./gradlew app:dependencies

This will show the package dependencies tree, revealing which one requires libpng.

0
Antimony On

Most likely, libpng was compiled in to a native executable, and gradle doesn't know about it. You could try greping for "libpng" in all of the .so files. The filename of the .so should give a clue to where it came from.

Related Questions in ANDROID

Related Questions in LIBPNG

Related Questions in ANDROID-SECURITY

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions