There are lots of memory leaks in JasPer 2.0.12, triggered in the function jasstrdup() in base/jasstring.c, that will lead to a remote denial of service attack.
{ "binaries": [ { "binary_name": "libjasper-dev", "binary_version": "1.900.1-debian1-2.4ubuntu1.3" }, { "binary_name": "libjasper-runtime", "binary_version": "1.900.1-debian1-2.4ubuntu1.3" }, { "binary_name": "libjasper1", "binary_version": "1.900.1-debian1-2.4ubuntu1.3" } ] }