CVE-2020-23909 (https://sourceforge.net/p/advancemame/bugs/285/): Heap-based buffer over-read in function png_convert_4 in file pngex.cc in AdvanceMAME through 2.1. Upstream report is untouched.