Ijg · Libjpeg · CVE-2020-14152
**Name of the Vulnerable Software and Affected Versions**
IJG JPEG (aka libjpeg) versions prior to 9d
**Description**
The issue is related to the `jpeg_mem_available()` function in `jmemnobs.c` in `djpeg`, which does not honor the `max_memory_to_use` setting, possibly causing excessive memory consumption. This could allow a remote attacker to disclose protected information or cause a denial of service.
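The failure mode described above, as an added example that is not libjpeg's own code: a simplified C model contrasting an availability check that ignores the configured cap with one that honors it. All type, function and variable names and the caller policy are assumptions, and the numbers are constructed.

```c
#include <stdio.h>
/* Hypothetical, simplified stand-in for the decoder's memory-manager state. */
struct mem_state {
    long max_memory_to_use;  /* configured cap in bytes; 0 means no cap */
    long already_allocated;  /* bytes currently held */
};

/* Behaviour the advisory describes: the cap is never consulted. */
long avail_ignoring_limit(const struct mem_state *m, long max_needed)
{
    (void)m;
    return max_needed;
}

/* Hardened form: report at most what is left under the cap. */
long avail_honoring_limit(const struct mem_state *m, long max_needed)
{
    long remaining;
    if (m->max_memory_to_use <= 0)
        return max_needed;
    remaining = m->max_memory_to_use - m->already_allocated;
    if (remaining < 0)
        remaining = 0;
    return remaining < max_needed ? remaining : max_needed;
}

/* Assumed caller policy: whole buffer if it fits, else whole strips (min 1). */
long bytes_kept_in_memory(long avail, long min_needed, long max_needed)
{
    long strips;
    if (avail >= max_needed)
        return max_needed;
    strips = avail / min_needed;
    if (strips < 1)
        strips = 1;
    return strips * min_needed;
}

int main(void)
{
    /* Constructed values: 1 MB cap, 200 kB in use, image wants 50 MB. */
    struct mem_state m = { 1000000L, 200000L };
    long min_needed = 100000L, max_needed = 50000000L;
    printf("ignoring cap: %ld bytes\n", bytes_kept_in_memory(
        avail_ignoring_limit(&m, max_needed), min_needed, max_needed));
    printf("honoring cap: %ld bytes\n", bytes_kept_in_memory(
        avail_honoring_limit(&m, max_needed), min_needed, max_needed));
    return 0;
}
```

With the cap ignored, the model keeps the full 50 MB request in memory even though only 800 kB remain under the configured limit.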
**Recommendations**
For versions prior to 9d, update to version 9d or later to resolve the issue. As a temporary workaround, consider restricting the use of the `jpeg_mem_available()` function in `djpeg` to minimize the risk of exploitation.