Amazon Linux 2 Security Advisory: ALAS-2020-1450
Advisory Release Date: 2020-07-14 02:27 Pacific
Advisory Updated Date: 2020-07-17 00:48 Pacific
In AdvanceCOMP 2.1, png_compress in pngex.cc in advpng has an integer overflow upon encountering an invalid PNG size, which results in an attempted memcpy to write into a buffer that is too small. (There is also a heap-based buffer over-read.) (CVE-2019-9210 )
Run yum update advancecomp to update your system.