Dan Rosenberg discovered that in dvipng, a utility that converts DVI files to PNG graphics, several array index errors allow context-dependent attackers, via a specially crafted DVI file, to cause a denial of service , and possibly arbitrary code execution.