Multiple integer overflows in Cairo before 1.4.12 might allow remote attackers to execute arbitrary code, as demonstrated using a crafted PNG image, which is not properly handled by the read_png function.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5503)