
Mdadams

#19657 of 53,624
13.3 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2017-10104
7.8
2016-12-21
Jasper · Jasper · CVE-2016-9387
**Name of the Vulnerable Software and Affected Versions**
JasPer versions prior to 1.900.13

**Description**
The issue is related to an integer overflow in the `jpc_dec_process_siz` function, which can be triggered by a crafted file. This leads to an assertion failure.

**Recommendations**
For versions prior to 1.900.13, update to version 1.900.13 or later to resolve the issue.

PT-2017-9855
5.5
2016-11-10
Jasper · Jasper · CVE-2016-8884
**Name of the Vulnerable Software and Affected Versions**
JasPer version 1.900.5

**Description**
The issue allows remote attackers to cause a denial of service by calling the imginfo command with a crafted BMP image, resulting in a NULL pointer dereference. This is due to an incomplete fix for a previous issue.

**Recommendations**
For JasPer version 1.900.5, consider avoiding the use of the `bmp_getdata` function in libjasper/bmp/bmp_dec.c until a complete fix is available. As a temporary workaround, restrict the processing of crafted BMP images to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.