Android Phones Can Be Hacked Remotely by Viewing Malicious PNG Image
The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process. This bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Security vulnerabilities that are documented in this security bulletin are required to declare the latest security patch level on Android devices.
Source: source.android.com