libpng before 1.6.32 does not properly check the length of chunks against the user limit. CREATE(Triage): {Link=https://nvd.nist.gov/vuln/detail/CVE-2017-12652 User=admin}