An issue was discovered in JasPer 2.0.14. There is a NULL pointer dereference in the function ras_putdatastd in ras/ras_enc.c.
lists.opensuse.org/opensuse-security-announce/2020-09/msg00082.html
lists.opensuse.org/opensuse-security-announce/2020-09/msg00085.html
github.com/mdadams/jasper/issues/184
lists.debian.org/debian-lts-announce/2019/01/msg00003.html
security.gentoo.org/glsa/201908-03
www.oracle.com/security-alerts/cpuapr2020.html