Jon Foster

**Name of the Vulnerable Software and Affected Versions** libpng versions 1.0.0 through 1.0.41 libpng versions 1.2.x through 1.2.33 **Description** The issue in libpng might allow attackers to set the value of an arbitrary memory location to zero via crafted PNG files with keywords, related to an implicit cast of the '0' character constant to a NULL pointer. This is related to the png check keyword function in pngwutil.c. Multiple vulnerabilities in the libpng package can lead to disruption of protected information and can be exploited remotely. **Recommendations** For libpng versions 1.0.0 through 1.0.41, update to version 1.0.42 or later. For libpng versions 1.2.x through 1.2.33, update to version 1.2.34 or later.