diff -up cups-1.3.9/filter/image-png.c.CVE-2008-5286 cups-1.3.9/filter/image-png.c
--- cups-1.3.9/filter/image-png.c.CVE-2008-5286	2008-07-11 23:48:49.000000000 +0100
+++ cups-1.3.9/filter/image-png.c	2008-12-03 12:23:14.000000000 +0000
@@ -178,7 +178,7 @@ _cupsImageReadPNG(
     {
       bufsize = img->xsize * img->ysize;
 
-      if ((bufsize / img->ysize) != img->xsize)
+      if ((bufsize / img->xsize) != img->ysize)
       {
 	fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
 		(unsigned)width, (unsigned)height);
@@ -190,7 +190,7 @@ _cupsImageReadPNG(
     {
       bufsize = img->xsize * img->ysize * 3;
 
-      if ((bufsize / (img->ysize * 3)) != img->xsize)
+      if ((bufsize / (img->xsize * 3)) != img->ysize)
       {
 	fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
 		(unsigned)width, (unsigned)height);