Endeavor

**Name of the Vulnerable Software and Affected Versions** libpng versions prior to 1.5.21 libpng versions 1.6.x prior to 1.6.16 **Description** The issue is caused by a buffer overflow in the `png read IDAT data` function in `pngrutil.c` of the libpng library. This can be exploited by a remote attacker to execute arbitrary code using IDAT data with a large width. **Recommendations** For libpng versions prior to 1.5.21, update to version 1.5.21 or later. For libpng versions 1.6.x prior to 1.6.16, update to version 1.6.16 or later. As a temporary workaround, consider restricting the use of IDAT data with large widths to minimize the risk of exploitation.