An out-of-bounds read vulnerability leading to denial of service has been found in libjpeg-turbo <= 1.5.1, in the fill_input_buffer function in jdatasrc.c, via a crafted JPEG file.
An out-of-bounds read vulnerability leading to denial of service has been found in libjpeg-turbo <= 1.5.1, in the fill_input_buffer function in jdatasrc.c, via a crafted JPEG file.
http://seclists.org/fulldisclosure/2017/Jul/66