ImageMagick is vulnerable to an out-of-bounds read / heap overflow in the function ReadPCXImage in the file pcx.c. GraphicsMagick, which is a fork of ImageMagick, is also affected.
The issue was found with the help of Address Sanitizer and the fuzzing tool zzuf.
ImageMagick has released the fixed version 6.8.9-9 (also including fixes for other out of bounds issues).
GraphicsMagick has fixed the issue in its repository; there is no release yet.
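To check whether an installed ImageMagick predates the fixed release, the following added example (not part of the original advisory or of either project) parses the `-version` banner and compares it with 6.8.9-9. The function names are hypothetical, and the check assumes an unpatched upstream build, since a distributor may backport the fix without changing the version string.

```shell
#!/bin/sh
# Added example, not from the advisory: version check against the fixed
# ImageMagick release 6.8.9-9. Assumes an upstream build; a distributor
# may have backported the fix without changing the version string.
FIXED="6.8.9-9"

# Read `convert -version` / `identify -version` output on stdin and print
# the "X.Y.Z-P" version taken from its "Version: ImageMagick ..." line.
im_version() {
    sed -n 's/^Version: ImageMagick \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*-[0-9][0-9]*\).*/\1/p' | head -n 1
}

# Return 0 if version $1 >= version $2, 1 if older, 2 if either is malformed.
im_version_ge() {
    case "$1$2" in *[!0-9.-]*) return 2 ;; esac
    set -- $(printf '%s %s' "$1" "$2" | sed 's/[.-]/ /g')
    [ $# -eq 8 ] || return 2
    if [ "$1" -ne "$5" ]; then [ "$1" -gt "$5" ]; return; fi
    if [ "$2" -ne "$6" ]; then [ "$2" -gt "$6" ]; return; fi
    if [ "$3" -ne "$7" ]; then [ "$3" -gt "$7" ]; return; fi
    [ "$4" -ge "$8" ]
}

# Classify a version banner read on stdin: 0 = fixed release or newer,
# 1 = older than the fixed release, 2 = no ImageMagick version line found.
im_check_banner() {
    v=$(im_version)
    [ -n "$v" ] || return 2
    im_version_ge "$v" "$FIXED"
}

# Check the local installation, if there is one.
if command -v convert >/dev/null 2>&1; then
    rc=0
    convert -version 2>/dev/null | im_check_banner || rc=$?
    case $rc in
        0) echo "convert: $FIXED or newer" ;;
        1) echo "convert: older than $FIXED, update" ;;
        *) echo "convert: no ImageMagick version line found" ;;
    esac
fi
```
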
2014-10-21: Discovery, informed both ImageMagick and GraphicsMagick developers
2014-10-23: Patch in ImageMagick SVN
2014-10-25: ImageMagick released 6.8.9-9 with fix
2014-10-26: Patch in GraphicsMagick Mercurial
Patch / upstream commit ImageMagick
Patch / upstream commit GraphicsMagick
Fuzzing sample (try with convert or identify)
Hanno Böck, 2014-11-01