Recently discovered security flaws in JPEG format do not affect The Bat!, because The Bat! does not use GDI+ which is the target of the attack.
The poisoned JPEG picture could be displayed on a website, sent in email, or circulated on a P2P network.
The Bat! uses an JPEG Library Version 6b by Independent JPEG Group which is immune to this vulnerability.