CVE-2021-33479 (https://sourceforge.net/p/jocr/bugs/39/): A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in measure_pitch() in pgm2asc.c. CVE-2021-33480 (https://sourceforge.net/p/jocr/bugs/41/): https://sourceforge.net/p/jocr/bugs/40/ An use-after-free vulnerability was discovered in gocr through 0.53-20200802 in context_correction() in pgm2asc.c. CVE-2021-33481 (https://sourceforge.net/p/jocr/bugs/42/): A stack-based buffer overflow vulnerability was discovered in gocr through 0.53-20200802 in try_to_divide_boxes() in pgm2asc.c. All appear unfixed upstream.