Build 4.0.0.16 of xlsgen is a security update related to a library dependency of xlsgen core called libPNG.
libPNG (PNG is short for Portable Network Graphics) is the official library for reading and writing PNG pictures.
We now use the latest version of libPNG, which closes a number of vulnerabilities present in the version of libPNG we had been using until now.
CVE-2015-7981: potential out-of-bounds read in png_set_tIME()/png_convert_to_rfc1123() and an out-of-bounds write in png_get_PLTE()/png_set_PLTE().
CVE-2015-8126: potential pointer overflow/underflow in png_handle_sPLT()/png_handle_pCAL() (and in png_handle_iTXt()/png_handle_zTXt() in the pre-1.6 branches); all such versions likewise have a bug in their png_set_PLTE() implementations that leaves them open to the out-of-bounds write.
CVE-2015-8540: potential out-of-bounds read in png_check_keyword().