VTK/ITK use old versions of libpng (containing security vulnerabilities); should update
This issue was created automatically from an original Mantis Issue. Further discussion may take place here.
As of 2007-08-09 the latest version of libpng is 1.2.18. See http://www.libpng.org/pub/png/libpng.html
VTK and ITK both include 1.0.12 according to comments in png.h.
A quick search of the Common Vulnerabilities and Exposures (CVE) database reveals that there have been several serious bugs that may allow arbitrary code execution: http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=libpng
The libpng page, right at the top in red, also discusses serious security bugs.
VTK and ITK are therefore likely vulnerable as well!
That's one good reason to update. Another is that the newer libpng is likely to better support 64 bit machines, as they have become much more popular in recent years.