CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pinextpcrl, pinextcprl,and pinextrpcl in lib/openjp3d/pi.c (bsc#1102016).
CVE-2018-16375: Fixed missing checks for headerinfo.height and headerinfo.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882).
CVE-2018-16376: Fixed heap-based buffer overflow function t2encodepacket in lib/openmj2/t2.c (bsc#1106881).
CVE-2018-20845: Fixed division-by-zero in the functions pinextpcrl, pinextcprl, and pinextrpcl in openmj2/pi.c (bsc#1140130).
CVE-2018-20846: Fixed out-of-bounds accesses in pinextlrcp, pinextrlcp, pinextrpcl, pinextpcrl, pinextrpcl, and pinextcprl in openmj2/pi.c (bsc#1140205).
CVE-2020-8112: Fixed heap-based buffer overflow in opjt1clbldecodeprocessor in openjp2/t1.c (bsc#1162090).
CVE-2020-15389: Fixed use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578).
CVE-2020-27823: Fixed heap buffer over-write in opjtcddclevelshift_encode() (bsc#1180457).
CVE-2021-29338: Fixed integer overflow that allows remote attackers to crash the application (bsc#1184774).
CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to uninitialized pointer (bsc#1197738).