The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ImageMagick 7.0.7-22 Q16 and other products, allows attackers to cause a denial of service (stack-based buffer under-read) via a crafted bmp image. Upstream issue: https://github.com/ImageMagick/ImageMagick/issues/973
Created ImageMagick tracking bugs for this issue: Affects: fedora-all [bug 1541867]