The ReadRLEImage function in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted file.
https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1533445
https://bugzilla.redhat.com/show_bug.cgi?id=1378746