From ${URL}: A vulnerability was found in the way JasPer's jas_matrix_clip() function parses certain JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. Original bug report (with reproducer attached): http://seclists.org/oss-sec/2016/q1/233 CVE assignment: http://seclists.org/oss-sec/2016/q1/235 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
This is fixed in the latest jasper-1.900.6. We will stabilize it.
CVE-2016-2089 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2089): The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.
GLSA Vote: No