Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before
1.4.3, allows remote attackers to cause a denial of service (memory
consumption and application crash) via a PNG image containing
malformed Physical Scale (aka sCAL) chunks.
We already have 1.2.44 and 1.4.3, just need to decide on a glsa.
yes with #324153 and #307637