Published: 27 July 2017
The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file.
CVSS 3 base score: 8.8
this isn't actually a security issue in libjpeg-turbo, it is a bad usage of the API. See upstream bug.