The ReadPCXImage function in coders/pcx.c in ImageMagick 18.104.22.168 allows
remote attackers to cause a denial of service (attempted large memory
allocation and application crash) via a crafted file. NOTE: this
vulnerability exists because of an incomplete fix for CVE-2016-8862 and
This is upstream:
Upstream is unable to reproduce.
Upstream tried further mitigation via commit d94d85622f120f82240921ae7a83a72afcb79ddf which is available since v6.9.6-6 (current stable version in Gentoo is 22.214.171.124).
Issue pending closure on upstream. AJSAN issue.
You are getting an allocation error because the size of the colormap is ridiculous high. On our systems we can allocate this but it then fails at a later moment.