Libpng issue/vulnerability submitting app to GooglePlay Console

Hi everyone,

We are trying to release a game in the Android store, but in the APK autocheck process the feedback from Google is that the APK was rejected because we are including a version of libpng library too old. You can see the issue explanation in the link below:

To compile we’re using Unity 5.6.3p1. We try to update Unity version to the last one but this doesn’t make any different result. We tried to update some plugins too, for example: GooglePlayServices plugin, AVProVideo plugin…

We built the project using the next android build targets: 4.4 (KitKat), 5.1 (Lollipop) and 7.0&7.1 (Nougat) with the same bad result.

In the project we’re using the function EncodeToPNG() from Unity. We’re trying to change this to JPG to see if something change…

About the build process, we’re using the integrated Unity process to make the APK. We use the splitted APK option to generate spearated OBB files.

Any clue or advice will help us a lot :slight_smile:

Thanks in advance!

This is an EXACT duplicate of Libpng issue/vulnerability submitting app to GooglePlay Console not a letter of the title nor message seems to differ!?

Hi nat42, we had a mistake with the account used. The other one is old, we’re trying to delete it. I’m so sorry about that issue :frowning:

Did you solve this???

I too ran into this. Is there a way to check which version of libpng Unity is using in its build? Or is it more Android settings?

Gonna bump this as I’m seeing all my applab stuff coming up with this libpng vulnerability!

I too need an answer to this. Other places have suggested upgrading the Unity version, but I upgraded to 2020.3.13f1 and that still didn’t fix the issue. I’m hesitant to upgrade again as that was a lot of work, but others have found success migrating to 2022. I’d love to have a different solution to this problem though.

Libpng was updated to 1.6.37 in 2020.3.26f1, any release after that one should include the fix for CVE-2019-7317.

Sorry for necrobump but I just received this:

Libpng library

The vulnerabilities were fixed in libpng v1.0.66, v.1.2.56, v.1.4.19, v1.5.26 or higher. You can find more information about how resolve the issue in this Google Help Center article.

With a game built in 2021.3.34LTS. Any idea?

The “resolve” page says:

How to fix apps containing Libpng Vulnerability
This information is intended for developers of apps that utilize any version of libpng library, that contains a security vulnerability disclosed in CVE-2015-8540. Apps with vulnerabilities like this can expose users to risk of compromise and may be considered in violation of our Malicious Behavior policy.Please migrate your app(s) to libpng v1.0.66, v.1.2.56, v.1.4.19, v1.5.26 or higher as soon as possible and increment the version number of the upgraded APK.