Libpng · Libpng · CVE-2011-0408
**Name of the Vulnerable Software and Affected Versions**
libpng versions 1.5.x before 1.5.1
**Description**
The issue allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted palette-based PNG image. This is related to the `png_do_expand_palette` function, the `png_do_rgb_to_gray` function, and an integer underflow.
**Recommendations**
For libpng versions 1.5.x before 1.5.1, update to version 1.5.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of palette-based PNG images until the update is applied.
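One way to enforce the temporary workaround at an ingestion boundary, as an added example that is not libpng's or the advisory's own code: it reads the IHDR colour type from the file header and refuses palette-based images only while the linked libpng is in the affected range. The function names and the reject-malformed policy are hypothetical; the caller is assumed to pass the value returned by `png_access_version_number()`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum png_kind { PNG_MALFORMED = -1, PNG_OTHER = 0, PNG_PALETTE = 1 };

/* PNG signature (8 bytes) followed by the IHDR chunk's length (13) and type. */
static const unsigned char PNG_PREFIX[16] =
    {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n', 0, 0, 0, 13, 'I', 'H', 'D', 'R'};

/* Classify from the first 33 bytes (prefix, 13 bytes of IHDR data, CRC); CRC not verified. */
static enum png_kind classify_png(const unsigned char *buf, size_t len)
{
    if (buf == NULL || len < 33 || memcmp(buf, PNG_PREFIX, 16) != 0) return PNG_MALFORMED;
    switch (buf[25]) {                 /* colour type follows width, height, bit depth */
    case 3:  return PNG_PALETTE;       /* indexed colour: the image kind named in the advisory */
    case 0: case 2: case 4: case 6: return PNG_OTHER;
    default: return PNG_MALFORMED;     /* not a colour type the PNG specification defines */
    }
}

/* libpng version numbers are major*10000 + minor*100 + release (1.5.1 == 10501). */
static int libpng_in_affected_range(unsigned long ver)
{
    return ver >= 10500UL && ver < 10501UL;   /* 1.5.x before 1.5.1 */
}

/* Hypothetical policy: 1 = hand the file to the decoder, 0 = refuse it. */
static int allow_decode(const unsigned char *buf, size_t len, unsigned long ver)
{
    enum png_kind kind = classify_png(buf, len);
    if (kind == PNG_MALFORMED) return 0;
    return !(kind == PNG_PALETTE && libpng_in_affected_range(ver));
}

/* Constructed sample: a 1x1, 8-bit header with the given colour type; CRC left zero. */
static void make_sample_header(unsigned char out[33], unsigned char colour_type)
{
    memset(out, 0, 33);
    memcpy(out, PNG_PREFIX, 16);
    out[19] = 1; out[23] = 1; out[24] = 8; out[25] = colour_type;
}

int main(void)
{
    unsigned char h[33];
    make_sample_header(h, 3);
    printf("palette: 1.5.0 -> %d\n", allow_decode(h, 33, 10500UL));
    return 0;
}
```

The gate inspects only the header, so it is a stopgap for the window before the update to 1.5.1 or later is deployed, not a replacement for it.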