During the upstream update to libpng 1.2.6 and libpng 1.0.16, additional issues were fixed which were not fix in our update. These issues appear to lead to a crash from an OOB memory read. This issue should also affect RHEL2.1
This issue doesn't affect us after all.