Chris Evans discovered several vulnerabilities in libpng:
CAN-2004-0597
Multiple buffer overflows exist, including when handling transparency chunk data, which could be exploited to cause arbitrary code to be executed when a specially crafted PNG image is processed.

CAN-2004-0598
Multiple NULL pointer dereferences in png_handle_iCCP() and elsewhere could be exploited to cause an application to crash when a specially crafted PNG image is processed.

CAN-2004-0599
Multiple integer overflows in the png_handle_sPLT() and png_read_png() functions and elsewhere could be exploited to cause an application to crash, or potentially arbitrary code to be executed, when a specially crafted PNG image is processed.

In addition, a bug related to CAN-2002-1363 was fixed:
For the current stable distribution (woody), these problems have been
fixed in libpng3 version 1.2.1-1.1.woody.7 and libpng version
1.0.12-3.woody.7.
For the unstable distribution (sid), these problems will be fixed soon.
We recommend that you update your libpng and libpng3 packages.
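
To audit a collected package inventory against the fixed woody versions above, the following added example (not part of the advisory or of any Debian tooling) reimplements Debian version ordering in Python, so the check can run away from the hosts themselves. The inventory layout, host names and installed versions are assumptions constructed for illustration; on a host itself, `dpkg --compare-versions` performs the same comparison.

```python
import re
from itertools import zip_longest

# Fixed woody versions, taken from the advisory text.
FIXED = {"libpng3": "1.2.1-1.1.woody.7", "libpng": "1.0.12-3.woody.7"}

def _order(c):
    # dpkg character order: '~' first, then end of run, letters, the rest.
    if c in ("~", ""):
        return -1 if c == "~" else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, the way dpkg does.
    runs_a, runs_b = (re.findall(r"(\D*)(\d*)", s) for s in (a, b))
    for (sa, da), (sb, db) in zip_longest(runs_a, runs_b, fillvalue=("", "")):
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; a missing epoch counts as 0.
    head, revision = version.rsplit("-", 1) if "-" in version else (version, "")
    epoch, upstream = head.split(":", 1) if ":" in head else ("0", head)
    return int(epoch), upstream, revision

def compare(a, b):
    """Return -1, 0 or 1 as Debian version a is older, equal or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_update(inventory):
    """Rows (host, package, version) older than the advisory's fixed version."""
    return [row for row in inventory
            if row[1] in FIXED and compare(row[2], FIXED[row[1]]) < 0]

# Constructed sample inventory: host names and installed versions are made up.
INVENTORY = [
    ("web1", "libpng3", "1.2.1-1.1.woody.5"),
    ("web1", "libpng", "1.0.12-3.woody.7"),
    ("build2", "libpng3", "1.2.1-1.1.woody.10"),  # newer, despite "10" < "7" as text
    ("build2", "libpng", "1.0.12-3.woody.2"),
]
if __name__ == "__main__":
    print(needs_update(INVENTORY))
```

The check covers the woody versions only, since the advisory gives no fixed version for sid.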