As a result of bug 324153, splashutils should be upgraded to use libpng-1.4.3.
I doubt there is much of a attack vector, but nevertheless...
I have just updated libpng to 1.4.3 in splashutils-126.96.36.199-r3.
I guess it's time for...
Arch's, please test & stabilize:
Marked ppc stable.
GLSA request filed.
This issue was resolved and addressed in
GLSA 201412-08 at http://security.gentoo.org/glsa/glsa-201412-08.xml
by GLSA coordinator Sean Amoss (ackle).