An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file. I have created a PR fixing this: https://github.com/gentoo/gentoo/pull/38411
I see no references to this issue in the cimg repository. It looks like this was never reported there and we can't be sure if this is fixed somewhere. Filip: you claim that your PR fixes this, can you explain how this is fixed?