Ubuntu Security Notice 936-1 – Dan Rosenberg discovered that dvipng incorrectly handled certain malformed dvi files. If a user or automated system were tricked into processing a specially crafted dvi file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/89248/USN-936-1.txt
Source: https://packetstormsecurity.com/files/89248/Ubuntu-Security-Notice-936-1.html