CVE-2010-2249 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2249): Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
We already have 1.2.44 and 1.4.3, just need to decide on a glsa. Vote: no.
yes with #324153 and #307637
GLSA 201010-01