There are lots of memory leaks in JasPer 2.0.12, triggered in the function jasstrdup() in base/jasstring.c, that will lead to a remote denial of service attack.