Page 1 of 1

Google Play (Libpng Vulnerability) HELP + REWARD

Posted: Wed Mar 06, 2019 12:48 am
by Eric_Davis
Hi Guys!

I work on a Windows 7 64-bit PC. I created a simple application for Android using Eclipse and Gamekit = (Blender + Ogre), the APK was created correctly and works great when I run it on my smartphone. But when
upload to google play I get the vulnerability warning Libpn:


"This information is intended for application developers using any version of the libpng library, which contains a security vulnerability
disclosed in CVE-2015-8540. Applications with vulnerabilities like this may expose users to compromise risks and may be considered a violation of our malicious behavior policy.


Migrate your application (s) to libpng v1.0.66, v.1.2.56, v.1.4.19, v1.5.26 or higher as soon as possible and increment the updated APK version number "


I would be very grateful if anyone could help me, I have been looking for more than weeks and I have not been able to solve this problem, I am already very frustrated and discouraged by it. I wanted the help of anyone who could recompile for me
this project so that the file referring to the 'vulnerable lpng' library is updated to the requested versions. I think the problem is in the file "libogrekit.so" in the folder "(libs / armeabi-v7a)", but I lack the knowledge to solve this unfortunately.


I am sending the link to download the project. The game file is a test that comes ready, it's not my real project, it's just to test it myself:


GameKit-Android project: https://storage.googleapis.com/google-c ... -r1119.zip

My email: ericdavis55@outlook.com



Once again thank you very much to whom you can give me this great help, Send me your contact and when the application receives profits I will send you a thank you in cash, it will be very well deserved! See you!

Re: Google Play (Libpng Vulnerability) HELP + REWARD

Posted: Tue Apr 28, 2020 2:10 am
by dertom
omg,...you are really still using gamekit. Ok, I love it. But even as one of the last developers of it I say you should really bury it ;) (eventhough it is a shame we let it die :| )

I'm actually not sure what version your zip is based on. I compiled the git master with libpng v1.2.59
There were some errors compiling the pluginPNG in freeimage about some missing fields in the new version....I guess they were just obsolete.
I just compiled and didn't create an apk or so. Not sure how to do it without eclipse and adt....and no ant-script?!?

Whatever, so maybe it works and maybe not....(what is more likely).

Have a look here: http://thomas.trocha.com/misc/gk_android_demo.zip

Good luck.

EDIT: lol, I just saw that this was from march'19....rofl. Good that I burned some time for this, where we are in the middle of EarlyAccess. :D Whatever...everyone keep on rocking