CVE-2018-17073by Jeremyin Security Bulletinson Posted on September 16, 2018 wernsey/bitmap before 2018-08-18 allows a NULL pointer dereference via a 4-bit image.