In GraphicsMagick 1.4 snapshot-20181209 Q8 on 32-bit platforms there is a heap-based buffer over-read in the ReadBMPImage function of bmp.c, which allows attackers to cause a denial of service via a crafted bmp image file. This only affects GraphicsMagick installations with customized BMP limits.