In ImageMagick 7.0.8-3 Q16, ReadDIBImage and WriteDIBImage in coders/dib.c allow attackers to cause an out of bounds write via a crafted file.
https://github.com/ImageMagick/ImageMagick/issues/1178
https://lists.debian.org/debian-lts-announce/2018/06/msg00004.html