libpng version 1.6.31 added png_handle_eXIf(), which has a null-pointer-dereference bug as well as a potential memory leak. Insofar as the function has existed for only four weeks and the chunk itself for only six, it's unlikely there are any applications affected by it at this time, but they might come into existence in the future. The vulnerability is fixed in version 1.6.32, released on 24 August 2017.