CVE-2014-9495
Heap-based buffer overflow in the png_combine_row function in libpng before 1.5.21 and 1.6.x before 1.6.16, when running on 64-bit systems, might allow context-dependent attackers to execute arbitrary code via a "very wide interlaced" PNG image.
Date published : 2015-01-10
http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html