CamlImages versions 2.2 and below suffer from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by PNG image parsing, the read_png_file and read_png_file_as_rgb24 functions do not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/78877/oCERT-2009-009.txt
Source: https://packetstormsecurity.com/files/78877/Open-Source-CERT-Security-Advisory-2009.9.html