The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file.
References:
http://seclists.org/fulldisclosure/2017/Jul/66
Created libjpeg-turbo tracking bugs for this issue:
Affects: fedora-all [bug 1475744]
Created mingw-libjpeg-turbo tracking bugs for this issue:
Affects: epel-7 [bug 1475746]
Affects: fedora-all [bug 1475745]