From ${URL}: A vulnerability was found in the way JasPer's jpc_pi_nextcprl() function parses certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. Report with the reproducer attached: http://seclists.org/oss-sec/2016/q1/84 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
This is fixed in the latest jasper-1.900.6. We will stabilize it.
CVE-2016-1867 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1867): The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
Vulnerability can result in a DoS. No PoC regarding ACE or privilege escalation. Severity changed to reflect. GLSA Vote: No