stb_image.h v2.27 was discovered to contain an heap-based use-after-free via the function stbi__jpeg_huff_decode. Reference: https://github.com/nothings/stb/issues/1289 Upstream patch: https://github.com/nothings/stb/pull/1297
Created stb tracking bugs for this issue: Affects: epel-all [bug 2077024] Affects: fedora-all [bug 2077023]
This is covered by the same patch as bug 2077019, so it will be fixed by the same set of updates.