In ImageMagick the ReadSUNImage function in bmp.c allows attackers to cause a denial of service (memory leak) via a crafted file. Upstream bug: https://github.com/ImageMagick/ImageMagick/issues/449