Thread: tracking and spying
evujumenuk
2012-12-18 , 11:46
Posts: 123 | Thanked: 91 times | Joined on Apr 2012
#19
tetris11_, Harmattan ships with libpng 1.2.42. Until now, this library version has had five security-related bugs and more are uncovered all the time. All interpreters are susceptible to privilege-escalating bugs to some degree. Generally, a specially crafted file could make the PNG (or JPEG, or GIF, or PDF, ...) library overwrite some of its own memory with some binary of the attacker's choosing.
There are countermeasures to this, none of them completely waterproof.
So, in principle, one could craft a PNG that, when displayed on an N9, would make it execute a piece of code with user privileges. The BlackHat paper outlines this.