IMO it is not 100% clear if this is a vulnerability is in JPEGOPTIM and there is not fix yet. Still opening the bug so you are aware in case :)