Gentoo Linux Security Advisory GLSA 200804-15 - Tavis Ormandy of the Google Security Team discovered that libpng does not handle zero-length unknown chunks in PNG files correctly, which might lead to memory corruption in applications that call png_set_read_user_chunk_fn() or png_set_keep_unknown_chunks(). Versions less than 1.2.26-r1 are affected.
6bf42712b9c2950b7d9c27c6bf8a5dcee94696371bd6e9631217aa9a23265d5f