|Description||JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|NVD severity||medium (attack range: remote)|
Vulnerable and fixed packages
The table below lists information on source packages.
|jasper (PTS)||jessie (security), jessie||1.900.1-debian1-2.4+deb8u3||vulnerable|
The information below is based on the following data on fixed versions.
|Package||Type||Release||Fixed Version||Urgency||Origin||Debian Bugs|
Fixed by: https://github.com/mdadams/jasper/commit/a632c6b54bd4ffc3bebab420e00b7e7688aa3846
Not suitable for code injection, hardly denial of service