Ben

Name of the Vulnerable Software and Affected Versions: libpng versions prior to 1.2.22 beta1 Description: The issue is caused by an off-by-one error in ICC profile chunk handling in the png set iCCP function in pngset.c. This error allows remote attackers to cause a denial of service (crash) via a crafted PNG image. The issue arose due to an incorrect fix for a previous problem. Recommendations: For versions prior to 1.2.22 beta1, update to version 1.2.22 beta1 or later to resolve the issue. As a temporary workaround, consider restricting the handling of ICC profile chunks in the png set iCCP function to minimize the risk of exploitation.