There is a well-known threat named compression bombs. Such image formats as PNG and JPEG use compression methods, and therefore and in theory PNG/JPEG images might be a compression-bomb.
I've found an example of PNG, and many mitigations guidelines (1, 2) for PNG images.
But what about JPEG? How to protect against a JPEG-bomb? Are JPEG-bombs even possible?
The only JPEG-specific information I've found is JPEG XL predictors that might generate quite big images from just a few tens of bytes.