The libpng project announced that libpng 1.5.4 through 1.5.7 contain a one-byte (stack) buffer-overrun bug in png_formatted_warning(), which could lead to crashes (denial of service) or, conceivably, execution of hostile code. This vulnerability has been assigned ID CVE-2011-3464 and is fixed in version 1.5.8, released 1 February 2012. References: http://www.libpng.org/pub/png/libpng.html
Created mingw-libpng tracking bugs for this issue Affects: fedora-17 [bug 843190]
Statement: Not vulnerable. This issue did not affect the versions of libtiff as shipped with Red Hat Enterprise Linux 4, 5, and 6.