In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
Upstream bug: https://github.com/ImageMagick/ImageMagick/issues/906
Upstream patch: https://github.com/ImageMagick/ImageMagick/commit/e41f18ecccbdd1c38e1382057718e91e8f8d6d80
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1529171]