Bacport of the upstream commit:

From 74ea22a7a4fe186e0a0124df25e19739b77c4a29 Mon Sep 17 00:00:00 2001
From: Richard Hughes <richard@hughsie.com>
Date: Mon, 19 Sep 2016 10:03:36 +0100
Subject: [PATCH] CVE-2016-1577

diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_icc.c jasper-1.900.1/src/libjasper/base/jas_icc.c
--- jasper-1.900.1.orig/src/libjasper/base/jas_icc.c	2017-03-24 13:58:54.000000000 +0100
+++ jasper-1.900.1/src/libjasper/base/jas_icc.c	2017-03-24 13:59:12.000000000 +0100
@@ -299,6 +299,7 @@ jas_iccprof_t *jas_iccprof_load(jas_stre
 				if (jas_iccprof_setattr(prof, tagtabent->tag, attrval))
 					goto error;
 				jas_iccattrval_destroy(attrval);
+				attrval = 0;
 			} else {
 #if 0
 				jas_eprintf("warning: skipping unknown tag type\n");