Jasper · Jasper · CVE-2016-1577
**Name of the Vulnerable Software and Affected Versions**
JasPer versions 1.900.1 and earlier
**Description**
A double free vulnerability in the `jas iccattrval destroy` function allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file.
**Recommendations**
For JasPer versions 1.900.1 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.