stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service.
Created stbi tracking bugs for this issue: Affects: fedora-all [bug 2141794]
Public commit for this issue: https://github.com/nothings/stb/commit/5ba0baaa269b3fd681828e0e3b3ac0f1472eaf40