A crafted BPG image decoded by libbpg can cause an integer underflow vulnerability causing an out of bounds heap write leading to remote code execution. BPG (Better Portable Graphics) is an image format created in 2014 based on the HECV video compression standard. The vulnerability can be used to create a specially crafted image file which can be opened with any application using a vulnerable version of the libbPG library. If you are using vulnerable versions of the software you are ugred to apply the patch in the advisory.”]
Source: https://blog.talosintelligence.com/2017/01/vulnerability-spotlight-libbpg-image.html