Heap-based Buffer Overflow

Summary

ImageMagick is free and open-source software used for editing and manipulating digital images. In versions through 6.9.13-27, and 7.0.0-24 through 7.1.2-1 for ImageMagick's 32-bit build, a 32-bit Integer Overflow in the BMP encoders scanline-stride computation collapses `bytes_per_line` (stride) to a tiny value while the per-row writer still emits 3 width bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. This issue affects Magick.NET versions through 14.8.0.