coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted file, related to the AcquireCacheNexus function in magick/pixel_cache.c.
https://lists.debian.org/debian-lts-announce/2017/11/msg00013.html
https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
https://sourceforge.net/p/graphicsmagick/bugs/450/