Errata overview
Errata ID 552
Date 2018-11-28
Source package jasper
Fixed in version 1.900.1-debian1-2.4+deb8u4
Description 
This update addresses the following issues:
* integer overflow in jas_image_cmpt_create() (CVE-2015-5203)
* use-after-free and double-free flaws in mif_process_cmpt() (CVE-2015-5221)
* missing jas_matrix_create() parameter checks (CVE-2016-8690)
* tile memory not released on image parsing errors (CVE-2017-13748)
* heap-based buffer over-read in jas_image_ishomosamp() (CVE-2017-14132)
Additional notes
CVE ID CVE-2015-5203
CVE-2015-5221
CVE-2016-8690
CVE-2017-13748
CVE-2017-14132
UCS Bug number #48206