CVE-2016-9113 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9113): There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2. image->comps[0].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
Affects CLI tool only.
As said multiple times by mitre, a simple crash in a command-line tool where no library are involved is considered an inconvenience instead of a security issue.