Ubuntu has issued an advisory today (May 23): https://ubuntu.com/security/notices/USN-5432-1 The issues are fixed in libpng 1.6.37, so that package is fine. The libpng12 package may be affected, which Ubuntu fixed in xenial in 1.2.54-1ubuntu1.1+esm1 (but their patches may not be public since it's esm).
libpng is registered with akien, so assigning this to you. Although you have not touched it for years (committed the current version in 2018), neither has anybody else: it has been 'quiet'.
Assignee: bugsquad => rverschelde