Ubuntu Security Notice 936-1 - Dan Rosenberg discovered that dvipng incorrectly handled certain malformed dvi files. If a user or automated system were tricked into processing a specially crafted dvi file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program.
23e1806e667e375ce224dd1551dd81e163a77a4b0d3c96e6310f8689450dcab6