The libpng packages contain a library of functions for creating andmanipulating PNG (Portable Network Graphics) image format files.A flaw was discovered in libpng that could result in libpng trying tofree() random memory if certain, unlikely error conditions occurred. If acarefully-crafted PNG file was loaded by an application linked againstlibpng, it could cause the application to crash or, potentially, executearbitrary code with the privileges of the user running the application.(CVE-2009-0040)A flaw was discovered in the way libpng handled PNG images containing"unknown" chunks. If an application linked against libpng attempted toprocess a malformed, unknown chunk in a malicious PNG image, it could causethe application to crash. (CVE-2008-1382)Users of libpng and libpng10 should upgrade to these updated packages,which contain backported patches to correct these issues. All runningapplications using libpng or libpng10 must be restarted for the update totake effect.