The host is installed with Google Chrome before 49.0.2623.75 or Oracle Java SE through 6u105, through 7u91 or through 8u66 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle functions in libpng. Successful exploitation allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.