security bug in jasper

1) Invalid pointer access Bug in jas_matrix_asl

mov rax, [rbp+var_10]
mov rax, [rax] // invalid memory access

https://github.com/mdadams/jasper/blob/master/src/libjasper/base/jas_seq.c#L354
Here pointer 'data' is corrupted and while trying to access it's value application crashes.

 while ( v4 > 0 )
      {
        v5 = *(_QWORD *)(a1 + 48);
        v7 = v6;
        while ( v5 > 0 )
        {
          *v7 = jas_fast32_asl(*v7, a2); // here pointer v7 is not validated
          --v5;
          ++v7;
        }

2) Invalid pointer access Bug in jpc_undo_roi

Invalid memory access bug in line jpc_dec.c (https://github.com/mdadams/jasper/blob/master/src/libjasper/jpc/jpc_dec.c#L1925). Here the base address of the matrix is passed to the function jpc_undo_roi() which can be controlled by corrupting the bit stream. An attacker can craft a jp2 image with malicious content to trigger an arbitrary memory read. This can be used along with other vulnerabilities to leak information.

for ( i = 0; (signed __int64)i < *(_QWORD *)(a1 + 40); ++i )
{
  for ( j = 0; (signed __int64)j < *(_QWORD *)(a1 + 48); ++j )
  {
    v15 = *(_QWORD *)(8LL * j + *(_QWORD *)(8LL * i + *(_QWORD *)(a1 + 56))); // crashing here
    v12 = (v15 ^ (v15 >> 63)) - (v15 >> 63);
    if ( 1 << v8 > v12 )

All these 2 bugs were found while extensive file format fuzzing and research done on the libjasper library.

From the quick checking I found that the address of access can be controlled by crafting jp2 image bit stream. Crash samples attached.

Please issue CVEs and fix these issues at the earliest.