libpng.org vulnerability warning - PB541

Post by walbus

The png lib used inside PB5.41 (v10619) is vulnerable

http://www.libpng.org/pub/png/libpng.html

libpng.org writes:
Vulnerability Warning
Virtually all libpng versions through 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64, respectively, have a potential pointer overflow/underflow in png_handle_sPLT()/png_handle_pCAL() (and in png_handle_iTXt()/png_handle_zTXt() in the pre-1.6 branches), and all such versions likewise have a bug in their png_set_PLTE() implementations that left it open to the out-of-bounds write (CVE-2015-8126) that was supposed to have been fixed in the previous release. The bugs are fixed in versions 1.6.20, 1.5.25, 1.4.18, 1.2.55, and 1.0.65, released on 3 December 2015.

Code:

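; Enable the PNG decoder so that PureBasic's bundled libpng is linked in
UsePNGImageDecoder()
; Import libpng's version query from the already linked library
ImportC ""
  png_access_version_number()
EndImport
; Shows the version as an integer, e.g. 10619 for libpng 1.6.19
Debug png_access_version_number()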
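
An added example, not part of the original post and not libpng's own code: a C helper that decodes the integer returned by png_access_version_number() and compares it with the first fixed release of each branch named in the advisory quoted above. The names check_libpng_version and enum verdict are assumptions made for this example, and the sample values in main are constructed, apart from 10619, which is the value given in the post.

```c
#include <stdio.h>

/* Verdict for a libpng version checked against the quoted advisory. */
enum verdict { FIXED = 0, AFFECTED = 1, NOT_COVERED = 2 };

/* First fixed release per branch, taken from the advisory text:
 * 1.6.20, 1.5.25, 1.4.18, 1.2.55 and 1.0.65. */
static const struct { int major, minor, first_fixed; } fixed_in[] = {
    {1, 6, 20}, {1, 5, 25}, {1, 4, 18}, {1, 2, 55}, {1, 0, 65},
};

/* v is the integer from png_access_version_number(), encoded as
 * major*10000 + minor*100 + release, so 10619 means 1.6.19.
 * Every release before the first fixed one in a listed branch is
 * treated as affected, following the advisory's "virtually all". */
enum verdict check_libpng_version(unsigned long v)
{
    int major = (int)(v / 10000);
    int minor = (int)((v / 100) % 100);
    int release = (int)(v % 100);
    size_t i;

    for (i = 0; i < sizeof fixed_in / sizeof fixed_in[0]; i++) {
        if (fixed_in[i].major == major && fixed_in[i].minor == minor)
            return release < fixed_in[i].first_fixed ? AFFECTED : FIXED;
    }
    /* Branch not named in the advisory: report that instead of guessing. */
    return NOT_COVERED;
}

int main(void)
{
    /* Constructed sample inputs; 10619 is the value reported in the post. */
    static const unsigned long samples[] = {10619, 10620, 10254, 10255, 10700};
    static const char *names[] = {"fixed", "affected",
                                  "branch not covered by this advisory"};
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%lu: %s\n", samples[i],
               names[check_libpng_version(samples[i])]);
    return 0;
}
```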