CVE-2016-9114 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9114): There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2. image->comps[compno].data is not assigned a value after initialization(NULL). Impact is Denial of Service.
Affects CLI tool only.
As said multiple times by mitre, a simple crash in a command-line tool where no library are involved is considered an inconvenience instead of a security issue.