Versions up through 1.2.16 (and 1.0.24) have an NULL-pointer-dereference vulnerability involving palette images with a malformed tRNS chunk (i.e., one with a bad CRC value). This bug can, at a minimum, cause crashes in browsers simply by visiting a page displaying such an image; reportedly it also crashes the Microsoft Windows display manager. CERT refers to it as VU#684664 and MITRE as CVE-2007-2445. It's fixed in versions libpng 1.2.18 and libpng 1.0.26 (also 1.2.17 and 1.0.25, which had a bug in their configure scripts), released 15 May 2007.
hum sorry for bugspam *** This bug has been marked as a duplicate of bug 178004 ***