In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based buffer over-read in ReadOneMNGImage in coders/png.c, related to length calculation and caused by an off-by-one error.
https://github.com/ImageMagick/ImageMagick/issues/906
https://lists.debian.org/debian-lts-announce/2018/01/msg00000.html
https://usn.ubuntu.com/3681-1/