This update for jasper fixes the following issues: Security issues fixed: - CVE-2016-8654: Heap-based buffer overflow in QMFB code in JPC codec - CVE-2016-9395: Missing sanity checks on the data in a SIZ marker segment . - CVE-2016-9398: jpc_math.c:94: int jpc_floorlog2: Assertion "x 0" failed. - CVE-2016-9560: stack-based buffer overflow in jpc_tsfb_getbands2 - CVE-2016-9583: Out of bounds heap read in jpc_pi_nextpcrl - CVE-2016-9591: Use-after-free on heap in jas_matrix_destroy - CVE-2016-9600: Null Pointer Dereference due to missing check for UNKNOWN color space in JP2 encoder - CVE-2016-10251: Use of uninitialized value in jpc_pi_nextcprl - CVE-2017-5498: left-shift undefined behaviour - CVE-2017-6850: NULL pointer dereference in jp2_cdef_destroy