Form secunia security advisory at $URL: Description: The vulnerability is caused due to a division by zero within the "png_handle_cHRM()" function (libpng/pngrutil.c) when processing certain cHRM chunks and can be exploited to cause a crash via specially crafted PNG files. The vulnerability is reported in version 1.5.4. Prior versions are not affected. Solution Update to version 1.5.5.
libpng-1.5.5 is in the tree now
(In reply to comment #1) > libpng-1.5.5 is in the tree now 1.5.4-r1 was committed yesterday for this CVE (told xarthisius to do that on Freenode) so we have been good since yesterday Thanks for 1.5.5 in any case :-)
Thanks ssuominen, vapier, xarthisius. As per ~3 closing as noglsa.
CVE-2011-3328 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3328): The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value.
