|Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45,
1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an
application that calls the png_rgb_to_gray function but not the
png_set_expand function, allows remote attackers to overwrite memory
with an arbitrary amount of data, and possibly have unspecified other
impact, via a crafted PNG image.