There's a heap buffer overread that was discovered in ImageMagick version 7.1.0-20 in GetPixelAlpha() declared in MagickCore/pixel-accessor.h. A specially crafted file could trigger this and potentially cause a denial of service or information leak. Reference: https://github.com/ImageMagick/ImageMagick/issues/4729 Upstream patch commit: https://github.com/ImageMagick/ImageMagick/commit/e50f19fd73c792ebe912df8ab83aa51a243a3da7