Try
commented
3 years ago Hi, @sam-baumann and thanks for vulnerability report!
I took a look into current status of libpng, and look like there was more fixes lately. So, I will discard the PR itself, in favor of full library update.
libpng update is done in 0fb3311
Fixed vulnerability found at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12652 by updating pngpread.c