Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file.
http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html
http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html
http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html
https://access.redhat.com/errata/RHSA-2017:1208
https://bugzilla.redhat.com/show_bug.cgi?id=1254242
https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html
https://security.gentoo.org/glsa/201707-07