dmg2img does not validate the size of a buffer during memcpy() inside the main() function. This possibly leads to a crash of the dmg2img command with an undefined behavior. It may be possible for an attacker to control the written data.