diff -r -U3 libpng-0.95/pngconf.h libpng-0.95patch11/pngconf.h
--- libpng-0.95/pngconf.h	Sat Mar 29 02:35:00 1997
+++ libpng-0.95patch11/pngconf.h	Mon Aug  2 06:58:40 2004
@@ -239,6 +239,13 @@
 #define PNG_WRITE_SWAP_ALPHA_SUPPORTED
 #define PNG_WRITE_WEIGHTED_FILTER_SUPPORTED
 
+#ifndef PNG_USER_WIDTH_MAX
+#  define PNG_USER_WIDTH_MAX 1000000L
+#endif
+#ifndef PNG_USER_HEIGHT_MAX
+#  define PNG_USER_HEIGHT_MAX 1000000L
+#endif
+
 /* These are currently experimental features */
 #undef PNG_READ_16_TO_8_ACCURATE_SHIFT_SUPPORTED /* very little testing */
 #undef PNG_READ_COMPOSITE_NODIV_SUPPORTED        /* very little testing */
--- libpng-0.95/pngset.c	Sat Mar 29 07:07:34 1997
+++ libpng-0.95patch11/pngset.c	Mon Aug  2 06:56:37 2004
@@ -82,6 +82,9 @@
    if (info_ptr == NULL)
       return;
 
+   if (width > PNG_USER_WIDTH_MAX || height > PNG_USER_HEIGHT_MAX)
+      png_error(png_ptr, "image size exceeds user limits in IHDR");
+
    info_ptr->width = width;
    info_ptr->height = height;
    info_ptr->bit_depth = (png_byte)bit_depth;