
Marc Espie

#23273 of 53,634
10 CVSS total
Vulnerabilities · 1
PT-2008-1095
10
2008-10-02
Jasper · Jasper · CVE-2008-3522
**Name of the Vulnerable Software and Affected Versions**
JasPer versions prior to 1.900.1-r3

**Description**
The issue concerns multiple vulnerabilities in the JasPer package, which can be exploited remotely, potentially leading to breaches in confidentiality, integrity, and availability of protected information. A buffer overflow in the `jas_stream_printf` function in `libjasper/base/jas_stream.c` may allow attackers to have an unknown impact via vectors related to the `mif_hdr_put` function and the use of `vsprintf`.

**Recommendations**
For JasPer versions prior to 1.900.1-r3, update to version 1.900.1-r3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `jas_stream_printf` function until a patch is available. Avoid using the `mif_hdr_put` function and the `vsprintf` function in the affected API endpoints until the issue is resolved.