The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
https://lists.debian.org/debian-lts-announce/2018/06/msg00009.html
https://bugzilla.redhat.com/show_bug.cgi?id=1374233
http://www.securityfocus.com/bid/93074
http://www.openwall.com/lists/oss-security/2016/09/18/8
http://lists.opensuse.org/opensuse-updates/2016-10/msg00097.html
http://lists.opensuse.org/opensuse-updates/2016-10/msg00094.html