There is a NULL pointer dereference in function imagetobmp of
convertbmp.c:980 of OpenJPEG 2.1.2. image->comps.data is not assigned a
value after initialization(NULL). Impact is Denial of Service.
Affects CLI tool only.
As said multiple times by mitre, a simple crash in a command-line tool where no library are involved is considered an inconvenience instead of a security issue.