Jose Duart of the Google Security Team discovered a double free flaw and a heap-based buffer overflow flaw in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.