The libpng web site posted a Vulnerability Warning stated that 1.6.36 and earlier versions have a bug that might cause trouble. One can find the report from CVE-2019-7317 .
According to the png.h, the latest version of libpng is 1.6.1, it would be nice if the JUCE team could upgrade to libpng 1.6.37, which fixed the vulnerability.
The libpng version in the JUCE master branch is 1.6.31