Open Source CERT Security Advisory 2009.8

Dillo, an open source graphical web browser, suffers from an integer overflow which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by HTML pages with embedded PNG images: the Png_datainfo_callback function does not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability. Versions 2.1 and below are affected.
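The class of bug described above, shown as an added example that is not Dillo's code and not part of the advisory: an image buffer size computed from unvalidated dimensions next to a checked calculation. The function names, the 4-bytes-per-pixel layout and the `MAX_IMAGE_DIM` limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumptions for illustration: RGBA output and a per-side policy limit. */
#define BYTES_PER_PIXEL 4u
#define MAX_IMAGE_DIM   16384u

/* Unchecked pattern: the product is computed modulo 2^32, so large
 * dimensions wrap and the result is smaller than the pixel data. */
uint32_t unchecked_size(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;
}

/* Checked pattern: reject zero or oversized dimensions, then verify each
 * multiplication against SIZE_MAX before performing it.
 * Returns 0 and stores the byte count in *out, or -1 if rejected. */
int checked_size(uint32_t width, uint32_t height, size_t *out)
{
    if (width == 0 || height == 0)
        return -1;
    if (width > MAX_IMAGE_DIM || height > MAX_IMAGE_DIM)
        return -1;
    if (width > SIZE_MAX / BYTES_PER_PIXEL)
        return -1;
    size_t row = (size_t)width * BYTES_PER_PIXEL;
    if (height > SIZE_MAX / row)
        return -1;
    *out = row * (size_t)height;
    return 0;
}

/* Allocate only when the size calculation was accepted. */
unsigned char *alloc_image(uint32_t width, uint32_t height)
{
    size_t n;
    if (checked_size(width, height, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    size_t n = 0;
    printf("unchecked 65536x65536: %u bytes\n", (unsigned)unchecked_size(65536u, 65536u));
    printf("checked   65536x65536: %s\n", checked_size(65536u, 65536u, &n) ? "rejected" : "accepted");
    printf("checked   640x480:     %s\n", checked_size(640u, 480u, &n) ? "rejected" : "accepted");
    return 0;
}
```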

 

You can download this advisory from the following link: https://packetstormsecurity.com/files/download/78930/oCERT-2009-008.txt

Source: https://packetstormsecurity.com/files/78930/Open-Source-CERT-Security-Advisory-2009.8.html
