A vulnerability has been found and corrected in libgdiplus:

Multiple integer overflows in libgdiplus 2.6.7, as used in Mono,
allow attackers to execute arbitrary code via (1) a crafted TIFF
file, related to the gdip_load_tiff_image function in tiffcodec.c;
(2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal
function in jpegcodec.c; or (3) a crafted BMP file, related to the
gdip_read_bmp_image function in bmpcodec.c, leading to heap-based
buffer overflows (CVE-2010-1526).

The updated packages have been patched to correct this issue.