CVE 2016-3616
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
See the
CVE page on Mitre.org
for more details.