Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.
www.debian.org/security/2015/dsa-3577
www.openwall.com/lists/oss-security/2016/05/01/5
www.openwall.com/lists/oss-security/2016/05/02/1
www.openwall.com/lists/oss-security/2016/05/03/3
github.com/akheron/jansson/issues/282
github.com/akheron/jansson/pull/284
github.com/akheron/jansson/pull/284/commits/64ce0ad3731ebd77e02897b07920eadd0e2cc318