A potential buffer overflow condition in the VCL bitmap processing code (specifically in the function PaletteFromDIBColorTable) could be potentially used to inject malicious code into an application. So this is a serious issue and you are recommended to apply the patch to your new and existing Delphi and C++Builder applications.

If you have an XE6 version, there is a ready-to-install hot fix at http://cc.embarcadero.com/Item/29913 (BMP Buffer Overflow hotfix). If you have an earlier version, you should follow the steps provided at http://support.embarcadero.com/article/44015 . The support article shows the two lines of code you should add to the VCL.Graphics unit (or the Graphics unit, if you are on an older version). Notice that the problem goes back to the early days of Delphi (and C++Builder) and a code fix is available for all versions, although there might be small differences in the source code to patch.
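The support article linked above contains the actual two-line fix; it is not reproduced here. As a defensive illustration of the general class of problem (a bitmap colour table whose size comes from untrusted header fields being copied into a fixed-size palette), here is an added Object Pascal example that is not the VCL code and not Embarcadero's patch. It assumes a minimal header record with the standard BITMAPINFOHEADER fields biBitCount and biClrUsed, and a fixed 256-entry palette as the destination; the two bounds it enforces (entries allowed by the bit depth, and bytes actually present in the stream) are the checks a loader of this kind should make before any Move.

```pascal
program SafeDibPalette;
{$APPTYPE CONSOLE}
{$IFDEF FPC}{$MODE DELPHI}{$ENDIF}

uses
  SysUtils;

type
  // Subset of BITMAPINFOHEADER (Windows.TBitmapInfoHeader) used here,
  // declared locally so the program compiles without the Windows unit.
  TDibHeader = packed record
    biSize: LongWord;
    biBitCount: Word;
    biClrUsed: LongWord;
  end;
  TRgbQuad = packed record
    rgbBlue, rgbGreen, rgbRed, rgbReserved: Byte;
  end;
  // Fixed-size destination, like a 256-entry logical palette.
  TPaletteEntries = array[0..255] of TRgbQuad;

// Number of colour-table entries that may safely be copied for this header,
// given how many bytes of colour data actually follow it in the stream.
function SafeColorTableCount(const Hdr: TDibHeader; BytesAvailable: Int64): Integer;
var
  MaxForDepth: Integer;
begin
  // Only indexed formats carry a colour table; 16/24/32 bpp have none here.
  if Hdr.biBitCount > 8 then
  begin
    Result := 0;
    Exit;
  end;
  if not (Hdr.biBitCount in [1, 4, 8]) then
    raise Exception.CreateFmt('Unsupported bit depth %d', [Hdr.biBitCount]);
  MaxForDepth := 1 shl Hdr.biBitCount;   // 2, 16 or 256 entries
  if Hdr.biClrUsed = 0 then
    Result := MaxForDepth                // 0 means "all colours for this depth"
  else if Hdr.biClrUsed > LongWord(MaxForDepth) then
    raise Exception.CreateFmt('biClrUsed=%d exceeds %d entries for %d bpp',
      [Hdr.biClrUsed, MaxForDepth, Hdr.biBitCount])
  else
    Result := Integer(Hdr.biClrUsed);
  // Second bound: the stream must really contain that many entries.
  if Int64(Result) * SizeOf(TRgbQuad) > BytesAvailable then
    raise Exception.Create('Colour table truncated');
end;

// Copies the validated colour table into the palette; never more than 256
// entries and never more bytes than Data holds.
procedure LoadPalette(const Hdr: TDibHeader; const Data: array of Byte;
  var Pal: TPaletteEntries);
var
  Count: Integer;
begin
  Count := SafeColorTableCount(Hdr, Length(Data));
  FillChar(Pal, SizeOf(Pal), 0);
  if Count > 0 then
    Move(Data[0], Pal[0], Count * SizeOf(TRgbQuad));
end;

var
  Hdr: TDibHeader;
  Data: array of Byte;
  Pal: TPaletteEntries;
  i: Integer;
begin
  // Constructed sample: 4 bpp, 16 entries, 64 bytes of colour data.
  Hdr.biSize := 40;
  Hdr.biBitCount := 4;
  Hdr.biClrUsed := 16;
  SetLength(Data, 16 * SizeOf(TRgbQuad));
  for i := 0 to High(Data) do
    Data[i] := Byte(i);
  LoadPalette(Hdr, Data, Pal);
  Writeln('Loaded ', SafeColorTableCount(Hdr, Length(Data)),
    ' entries; entry 1 red=', Pal[1].rgbRed);

  // Constructed hostile header: claims 1000 colours at 8 bpp, far more than
  // the 256-entry palette can hold and more than the 64 bytes present.
  Hdr.biBitCount := 8;
  Hdr.biClrUsed := 1000;
  try
    LoadPalette(Hdr, Data, Pal);
  except
    on E: Exception do
      Writeln('Rejected: ', E.Message);
  end;
end.
```

The two checks are deliberately independent: the bit-depth bound protects the fixed-size destination, and the bytes-available bound protects against reading past the end of a short or truncated file. Dropping either one leaves a path where a crafted header drives the copy length.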

For the record, the issue was found by an external security company, which correctly waited for our patch before an official announcement. As David W. mentioned on the Google+ Delphi Community at plus.google.com/u/0/116430453567926016001/posts/jgRhsy2TeKn: "This is the first security fix for Delphi I remember ever seeing." Which is clearly good, given how many security patches most other software programs require. Just saying.