libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file. https://nvd.nist.gov/vuln/detail/CVE-2017-15232