libpng version 1.6.31 added png_handle_eXIf(), which has a
null-pointer-dereference bug as well as a potential memory leak. Insofar as the
function has existed for only four weeks and the chunk itself for only six,
it's unlikely there are any applications affected by it at this time, but they
might come into existence in the future. The vulnerability is fixed in version
1.6.32, released on 24 August 2017.