GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow vulnerability found in the "Display visual image directory" feature of the DescribeImage() function of the magick/describe.c file. One possible way to trigger the vulnerability is to run the identify command on a specially crafted MIFF format file with the verbose flag.
https://blogs.securiteam.com/index.php/archives/3494
https://lists.debian.org/debian-lts-announce/2017/11/msg00002.html
https://lists.debian.org/debian-lts-announce/2018/08/msg00002.html
https://usn.ubuntu.com/4232-1/