Allegro relies on external libraries like libpng, GDI+, etc to be secure. If any of those have bugs, then Allegro will have bugs. On top of that, Allegro's own code could have security related bugs. e.g., I doubt every al_malloc() is checked to see if it is non NULL.
Then there's user code. If I supply your program with an invalid bitmap, and Allegro returns NULL, and you do nothing about it, then your program will crash. If Allegro were built with security as a primary focus, then every function would check for NULL pointers, etc. But that's your responsibility.
If a user provided a 1000MB allegro.cfg file, then Allegro would probably choke while trying to load the config file. For Allegro's intended purpose, stuff like that doesn't really matter. But if you are running Allegro as part of some online image processing service, then some of these things come into play.
PS: This is, of course, not an exhaustive list. I'm just pointing out that there are many ways to crash a program that doesn't technically have bugs.