Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
https://www.exploit-db.com/exploits/2210
https://www.exploit-db.com/exploits/2204
https://www.exploit-db.com/exploits/2194
http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=6