Hello and thanks for the bug report. I have verified this bug on Xenial (jasper 1.900.1-debian1-2.4), as well.
I initially thought that it may be CVE-2014-8137 but we have released updates for that issue and I've verified that the corresponding patch is being applied in the jasper package's build. This must be a new issue.
Have you alerted upstream jasper or any other parties about this issue?
Hello and thanks for the bug report. I have verified this bug on Xenial (jasper 1.900.1- debian1- 2.4), as well.
I initially thought that it may be CVE-2014-8137 but we have released updates for that issue and I've verified that the corresponding patch is being applied in the jasper package's build. This must be a new issue.
Have you alerted upstream jasper or any other parties about this issue?