Comment 4 for bug 1547865

Hello and thanks for the bug report. I have verified this bug on Xenial (jasper 1.900.1-debian1-2.4), as well.

I initially thought that it may be CVE-2014-8137 but we have released updates for that issue and I've verified that the corresponding patch is being applied in the jasper package's build. This must be a new issue.

Have you alerted upstream jasper or any other parties about this issue?