CVE-2016-1577: A double free vulnerability in jas_iccattrval_destroy function in JasPer 1.900.1 and earlier allowing remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted ICC color profile in a JPEG 2000 image file was found. CVE-2016-2089: The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service via a crafted JPEG 2000 image. CVE-2016-2116: Memory leak in jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier was found,allowing remote attackers to cause a denial of service via a crafted ICC color profile in a JPEG 2000 image file.