In ImageMagick the ReadBMPImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. Upstream bug: https://github.com/ImageMagick/ImageMagick/issues/451