Only in libpng-0.90: makefile
diff -r -U 3 libpng-0.90/pngconf.h libpng-0.90patch11/pngconf.h
--- libpng-0.90/pngconf.h	Thu Jan 16 20:39:48 1997
+++ libpng-0.90patch11/pngconf.h	Mon Aug  2 07:22:44 2004
@@ -214,6 +214,13 @@
 #define PNG_WRITE_FILLER_SUPPORTED
 #define PNG_WRITE_FLUSH_SUPPORTED
 
+#ifndef PNG_USER_WIDTH_MAX
+#  define PNG_USER_WIDTH_MAX 1000000L
+#endif
+#ifndef PNG_USER_HEIGHT_MAX
+#  define PNG_USER_HEIGHT_MAX 1000000L
+#endif
+
 /* These functions are turned off by default, as they will be phased out. */
 #undef  PNG_USE_OWN_CRC
 #undef  PNG_CORRECT_PALETTE_SUPPORTED
diff -r -U 3 libpng-0.90/pngrcb.c libpng-0.90patch11/pngrcb.c
--- libpng-0.90/pngrcb.c	Mon Jan  6 20:26:39 1997
+++ libpng-0.90patch11/pngrcb.c	Mon Aug  2 07:21:05 2004
@@ -18,6 +18,9 @@
    if (!info)
       return;
 
+  if (width > PNG_USER_WIDTH_MAX || height > PNG_USER_HEIGHT_MAX)
+     png_error(png_ptr, "image size exceeds user limits in IHDR");
+
    info->width = width;
    info->height = height;
    info->bit_depth = (png_byte)bit_depth;