The host is installed with Google Chrome before 49.0.2623.75, Apple Mac OS X or Server 10.9.5, 10.10.5 or 10.11.x before 10.11.4 and is prone to multiple buffer overflow vulnerabilities. The flaws are present in the application, which fails to handle functions in libpng. Successful exploitation allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value_of in an IHDR (aka image header) chunk in a PNG image or execute arbitrary code.