Use CVE-2013-7353 for "png_set_unknown_chunks in libpng/pngset.c ...
Fixed in libpng-1.5.14beta08"

("has four integer overflow bugs" is apparently a typo of "has one
integer overflow bug")

Use CVE-2013-7354 for "The png_set_sPLT() and png_set_text_2()
functions have a similar bug, which is fixed in libpng-1.5.14rc03" --
this has a different discoverer.

The vendor mentions that internal calls use safe values. These issues
could potentially affect applications that use the libpng API.
Apparently no such applications were identified as part of the work on
bug 199.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA

I'll update the CHANGES files for libpng15, 16, and 17 to include
these CVE numbers in the appropriate January 2013 entries.