There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "libjasper-dev", "binary_version": "1.900.1-debian1-2.4ubuntu1.3" }, { "binary_name": "libjasper-runtime", "binary_version": "1.900.1-debian1-2.4ubuntu1.3" }, { "binary_name": "libjasper-runtime-dbgsym", "binary_version": "1.900.1-debian1-2.4ubuntu1.3" }, { "binary_name": "libjasper1", "binary_version": "1.900.1-debian1-2.4ubuntu1.3" }, { "binary_name": "libjasper1-dbgsym", "binary_version": "1.900.1-debian1-2.4ubuntu1.3" } ] }