The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted image.
https://security.gentoo.org/glsa/201908-03
http://www.openwall.com/lists/oss-security/2017/01/17/4
http://www.openwall.com/lists/oss-security/2017/01/16/5
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html
http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html