October 6th, 2004, 11:23 PM
#10
Undies:
The JPG file vulnerability is AFAIK a header corruption.. meaning that any picture can be corrupted..
When the header is corrupted in a malicious way then what follows in the rest of the file is not a .jpg. It's a buffer overflow followed by the exploit code. Thus it isn't a .jpg... It's a POS masquerading as a jpg.... hence my comments on the failure in the security model. It's not a problem with .jpg's; it's a vulnerability in the associated application that is being exploited by people who lie about the nature of the file structure. It's really close to social engineering insofar as people "trust" .jpg's. But the exploit is part social engineering and part exploitation of an OS that depends upon a file extension to know what to do with it rather than assessing the file header in conjunction with the extension and determining a course of "sensible" action....
"and the candle flickers brighter for a second only to return to normal dim glow...." could be this effect..
How many times has this happened in my life already.... I get brilliant ideas only to find that the wheel was re-invented last week.....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
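The kind of header check the post above asks for, as an added example that is not part of the original post: a Python sketch that compares the extension with the JPEG start-of-image bytes and walks the marker segments, flagging any length field that is impossible (below 2, since the length counts its own two bytes) or that runs past the end of the file. The function name `check_jpeg` and the sample byte strings are constructed for illustration.

```python
import struct

# Markers with no length field: TEM (0x01), RST0-RST7, SOI, EOI (0xD0-0xD9).
STANDALONE = {0x01, *range(0xD0, 0xDA)}

def check_jpeg(data, filename):
    """Return a list of structural problems; an empty list means none found."""
    problems = []
    has_soi = data[:2] == b"\xff\xd8"
    named_jpeg = filename.lower().endswith((".jpg", ".jpeg"))
    if has_soi != named_jpeg:
        problems.append("extension and header disagree")
    if not has_soi:
        return problems
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            problems.append(f"no marker at offset {pos}")
            return problems
        while pos < len(data) and data[pos] == 0xFF:  # skip fill bytes
            pos += 1
        if pos >= len(data):
            break
        marker = data[pos]
        pos += 1
        if marker == 0xD9:           # EOI: clean end of image
            return problems
        if marker in STANDALONE:
            continue
        if pos + 2 > len(data):
            break
        (length,) = struct.unpack(">H", data[pos:pos + 2])
        if length < 2:               # the length field includes its own 2 bytes
            problems.append(f"segment 0x{marker:02X} declares length {length} (< 2)")
            return problems
        if pos + length > len(data):
            problems.append(f"segment 0x{marker:02X} runs past end of file")
            return problems
        if marker == 0xDA:           # SOS: entropy-coded data follows, stop here
            return problems
        pos += length
    problems.append("truncated before EOI")
    return problems

# Constructed samples: a minimal well-formed header and one with a bogus length.
GOOD = (b"\xff\xd8" + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
        + b"\xff\xfe" + struct.pack(">H", 7) + b"hello" + b"\xff\xd9")
BAD = b"\xff\xd8" + b"\xff\xfe" + struct.pack(">H", 0) + b"A" * 32 + b"\xff\xd9"
```
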