CVE 2016-7445
convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors involving the variable s.
See the
CVE page on Mitre.org
for more details.