The jp2cdefdestroy function in jp2_cod.c in JasPer before 2.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image.
{ "availability": "No subscription required", "ubuntu_priority": "negligible", "binaries": [ { "binary_version": "1.900.1-14ubuntu3.5", "binary_name": "libjasper-dev" }, { "binary_version": "1.900.1-14ubuntu3.5", "binary_name": "libjasper-runtime" }, { "binary_version": "1.900.1-14ubuntu3.5", "binary_name": "libjasper-runtime-dbgsym" }, { "binary_version": "1.900.1-14ubuntu3.5", "binary_name": "libjasper1" }, { "binary_version": "1.900.1-14ubuntu3.5", "binary_name": "libjasper1-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "negligible", "binaries": [ { "binary_version": "1.900.1-debian1-2.4ubuntu1.2", "binary_name": "libjasper-dev" }, { "binary_version": "1.900.1-debian1-2.4ubuntu1.2", "binary_name": "libjasper-runtime" }, { "binary_version": "1.900.1-debian1-2.4ubuntu1.2", "binary_name": "libjasper-runtime-dbgsym" }, { "binary_version": "1.900.1-debian1-2.4ubuntu1.2", "binary_name": "libjasper1" }, { "binary_version": "1.900.1-debian1-2.4ubuntu1.2", "binary_name": "libjasper1-dbgsym" } ] }