jp2_decode in jp2/jp2_dec.c in libjasper in JasPer has a heap-based
buffer over-read when there is an invalid relationship between the
number of channels and the number of image components.
For Debian 8 jessie, these problems have been fixed in version 1.900.1-debian1-2.4+deb8u7.
We recommend that you upgrade your jasper packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/