ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE headers that specify too few colors, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.
https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
https://sourceforge.net/p/graphicsmagick/bugs/458/