The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. References: http://seclists.org/fulldisclosure/2017/Jul/66
Created libjpeg-turbo tracking bugs for this issue: Affects: fedora-all [bug 1475744] Created mingw-libjpeg-turbo tracking bugs for this issue: Affects: epel-7 [bug 1475746] Affects: fedora-all [bug 1475745]