Integer Overflow

JasPer is vulnerable to integer overflows. A remote attacker could cause denial of service via a crafted image triggering use after free vulnerabilities. Affected by this issue is the function jasrealloc/memresize of the file base/jasmalloc.c...

jasper: incorrect handling of bufsize 0 in mem_resize()

Double free vulnerability in the memclose function in jasstream.c in JasPer before 1.900.10 allows remote attackers to cause a denial of service crash or possibly execute arbitrary code via a crafted BMP image to the imginfo command...