Technical Description
A vulnerability has been identified in Libpng, which could be exploited by attackers to cause a denial of service or execute arbitrary commands. This flaw is due to a buffer overflow error in the "png_decompress_chunk()" [pngrutil.c] routine that does not validate the "chunk_name" before being copied into an insufficiently sized buffer, which could be exploited by attackers to crash an application linked against a vulnerable library or potentially execute arbitrary code via a specially crafted image.
Affected Products
Libpng versions prior to 1.0.20
Libpng versions prior to 1.2.12
Solution
Upgrade to Libpng version 1.0.20 or 1.2.12 :
http://sourceforge.net/projects/libpng/
