The Debian Security Advisory DSA-4458-1 outlines severe vulnerabilities in libjpeg-turbo that could permit unauthorized code execution through specially crafted JPEG files.
Vladimir Nadvornik discovered that the fix for CVE-2006-5456, released in USN-372-1, did not correctly solve the original flaw in PALM image handling