The bmpgetdata function in libjasper/bmp/bmpdec.c in JasPer before 1.900.5 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted BMP image in an imginfo command.
{ "binaries": [ { "binary_version": "1.900.1-14ubuntu3.4", "binary_name": "libjasper-dev" }, { "binary_version": "1.900.1-14ubuntu3.4", "binary_name": "libjasper-runtime" }, { "binary_version": "1.900.1-14ubuntu3.4", "binary_name": "libjasper1" } ], "availability": "No subscription required" }
{ "binaries": [ { "binary_version": "1.900.1-debian1-2.4ubuntu1.1", "binary_name": "libjasper-dev" }, { "binary_version": "1.900.1-debian1-2.4ubuntu1.1", "binary_name": "libjasper-runtime" }, { "binary_version": "1.900.1-debian1-2.4ubuntu1.1", "binary_name": "libjasper1" } ], "availability": "No subscription required" }