libpng 1.6.37 has memory leaks in png_malloc_warn and png_create_info_struct. NOTE: This has been argued as being found in gif2png and not libpng. Reference: https://github.com/glennrp/libpng/issues/307 https://github.com/glennrp/libpng/issues/307#issuecomment-544779431
Created libpng tracking bugs for this issue: Affects: fedora-all [bug 1776982] Created libpng10 tracking bugs for this issue: Affects: epel-6 [bug 1776983] Affects: fedora-all [bug 1776988] Created libpng12 tracking bugs for this issue: Affects: fedora-all [bug 1776986] Created libpng15 tracking bugs for this issue: Affects: fedora-all [bug 1776987] Created mingw-libpng tracking bugs for this issue: Affects: epel-7 [bug 1776985] Affects: fedora-all [bug 1776989]
This is a problem with gif2png, not libpng. https://github.com/glennrp/libpng/issues/307#issuecomment-544779431 It affects gif2png versions written in C, i.e. before version 3.0 which is a re-write in the Go language. https://gitlab.com/esr/gif2png/issues/8 There is a patch included in the libpng issue that fixes gif2png.
I'm going to close the libpng10 bugs. I'd suggest adding tracker bugs on the gif2png package instead.
Firstly, the bug exists in gif2png, which is not shipped with any Red Hat Products, secondly Red Hat Product Security does not consider memory leak as a security flaw, unless it can cause application crash due to OOM. Therefore closing this bug as NOTABUG.