Google recently began the rollout of the February 2019 Android security update, that addresses 42 issues. One of the vulnerabilities fixed could enable a remote attacker using a specially crafted PNG file to execute arbitrary code. That means, access to the device it is viewed on.
The vulnerability affects Android 7.0 and above versions. While Google has released a fix, the fix is currently available on for Pixel smartphones, the Pixel C tablet, and the Essential Phone.
What can you do in the meantime ? Don’t open an image, especially a PNG file received from an untrusted source. And apply the security update as soon as it becomes available.
Read more about it here.