A vulnerability has been reported in libpng, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an off-by-one error within the ICC profile chunk handling, which potentially can be exploited to crash an application using the library. Note: Other chunk handling routines may be affected, too. The vulnerability is reported in version 1.2.21. Other versions may also be affected. Solution: Fixed in 1.2.22 beta 2 or later.
Base-system, please advise.
(In reply to comment #1) > Base-system, please advise. Maybe this is already fixed with 1.2.21-r2, see bug 194864
yes, already been fixed and the version in question was never in stable, so nothing to be done for security *** This bug has been marked as a duplicate of bug 194864 ***