An out-of-bounds heap read vulnerability was found in the jpcpinextpcrl() function of jasper before 2.0.6 when processing crafted input.