Debian Linux Security Advisory 3106-1 - Jose Duart of the Google Security Team discovered a double free flaw (CVE-2014-8137) and a heap-based buffer overflow flaw (CVE-2014-8138) in JasPer, a library for manipulating JPEG-2000 files. A specially crafted file could cause an application using JasPer to crash or, possibly, execute arbitrary code.
7d6d5cdfc306ba24da2224abb9b09a1bedf8f1aba115f137fe3edbcb6239afcf