Buffer overflow in APNGDis 2.8 and below allows a remote malicious user to execute arbitrary code via a crafted filename.
apng disassembler project apng disassembler