diff -Naur jasper-1.900.1-old/src/libjasper/jpc/jpc_cs.c jasper-1.900.1/src/libjasper/jpc/jpc_cs.c
--- jasper-1.900.1-old/src/libjasper/jpc/jpc_cs.c	2007-01-19 16:43:07.000000000 -0500
+++ jasper-1.900.1/src/libjasper/jpc/jpc_cs.c	2007-05-20 12:20:02.000000000 -0400
@@ -982,7 +982,10 @@
 		compparms->numstepsizes = (len - n) / 2;
 		break;
 	}
-	if (compparms->numstepsizes > 0) {
+	if (compparms->numstepsizes > 3 * JPC_MAXRLVLS + 1) {
+		jpc_qcx_destroycompparms(compparms);
+                return -1;
+        } else if (compparms->numstepsizes > 0) {
 		compparms->stepsizes = jas_malloc(compparms->numstepsizes *
 		  sizeof(uint_fast16_t));
 		assert(compparms->stepsizes);