In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in coders/sixel.c in the ReadSIXELImage function, related to the sixel_decode function. https://nvd.nist.gov/vuln/detail/CVE-2018-5248