In ImageMagick 7.0.8-3 Q16, ReadBMPImage and WriteBMPImage in coders/bmp.c allow attackers to cause an out of bounds write via a crafted file.
https://github.com/ImageMagick/ImageMagick/issues/1177
https://lists.debian.org/debian-lts-announce/2018/06/msg00004.html