http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2413 "Heap-based buffer overflow in Imager before 0.57 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via compressed 8-bit BMP files." All distros currently at < 0.57.
FC-5, FC-6, and devel are all building now. Thanks for the heads-up.