Multiple buffer overflows in the pngsetPLTE and pnggetPLTE functions in libpng before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image (CVE-2015-8126).
This issue also affected libpng 1.2 before 1.2.54. The libpng and libpng12 packages have been updated to versions 1.6.19 and 1.2.54, respectively, fixing this issue.