A flaw in libjpeg-turbo was reported ,, that could lead to a local denial of service when processing a specially-crafted JPEG issue.
One of the reports indicate that this only affects versions of libjpeg-turbo prior to 1.3.1 due to 1.3.1 rejecting the malformed image due to duplicate SOI markers.
Upstream has fixes for this issue ,. Also refer to the upstream bug .
Created libjpeg-turbo tracking bugs for this issue:
Affects: fedora-all [bug 1169850]
Created mingw-libjpeg-turbo tracking bugs for this issue:
Affects: fedora-all [bug 1169851]
Affects: epel-7 [bug 1169853]
libjpeg-turbo-1.3.1-3.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
libjpeg-turbo-1.3.1-5.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.