I found a global buffer overflow in the current master (15cf3d9).
I build openjpeg with ASAN, this is ASAN report.
POC picture : 
➜ ~ /openjpeg/build/bin/opj_compress -i ~/sample.png -o ./a.j2c -IMF 2K -n 12
IMF profile activated
Other options specified could be overridden
[WARNING] IMF profiles require at most 3 components.
-> Number of components of input image (4) is not compliant
-> Non-IMF codestream will be generated
[WARNING] IMF 2K profile requires 1 <= NL <= 5:
-> Number of decomposition levels is 11.
-> Non-IMF codestream will be generated
=================================================================
==32636==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f5f4f3d0da0 at pc 0x7f5f4f24f578 bp 0x7ffeec2c3170 sp 0x7ffeec2c3160
READ of size 8 at 0x7f5f4f3d0da0 thread T0
#0 0x7f5f4f24f577 in opj_dwt_calc_explicit_stepsizes /home/yuan/openjpeg-ASAN/src/lib/openjp2/dwt.c:1979
#1 0x7f5f4f2a5cd1 in opj_j2k_setup_encoder /home/yuan/openjpeg-ASAN/src/lib/openjp2/j2k.c:8137
#2 0x55d7efb43a4d in main /home/yuan/openjpeg-ASAN/src/bin/jp2/opj_compress.c:2145
#3 0x7f5f4e3e4bf6 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21bf6)
#4 0x55d7efb49019 in _start (/home/yuan/openjpeg-ASAN/build/bin/opj_compress+0x1b019)
0x7f5f4f3d0da0 is located 32 bytes to the left of global variable 'opj_dwt_norms' defined in '/home/yuan/openjpeg-ASAN/src/lib/openjp2/dwt.c:197:26' (0x7f5f4f3d0dc0) of size 320
0x7f5f4f3d0da0 is located 0 bytes to the right of global variable 'opj_dwt_norms_real' defined in '/home/yuan/openjpeg-ASAN/src/lib/openjp2/dwt.c:209:26' (0x7f5f4f3d0c60) of size 320
SUMMARY: AddressSanitizer: global-buffer-overflow /home/yuan/openjpeg-ASAN/src/lib/openjp2/dwt.c:1979 in opj_dwt_calc_explicit_stepsizes
Shadow bytes around the buggy address:
0x0fec69e72160: 00 00 00 02 f9 f9 f9 f9 00 00 00 02 f9 f9 f9 f9
0x0fec69e72170: 00 07 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
0x0fec69e72180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fec69e72190: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fec69e721a0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fec69e721b0: 00 00 00 00[f9]f9 f9 f9 00 00 00 00 00 00 00 00
0x0fec69e721c0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fec69e721d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fec69e721e0: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
0x0fec69e721f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0fec69e72200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==32636==ABORTING
I also try to prove it without ASAN.
opj_dwt_norms_real[4][10] is define in dwt.c:209
And in dwt.c:1979, it try to read :
opj_dwt_norms_real[0][11]
opj_dwt_norms_real[1][10]
....
It has a global buffer overflow when -n >= 10 with -IMF 2K.
I found a global buffer overflow in the current master (15cf3d9).
I build openjpeg with ASAN, this is ASAN report.
POC picture :
I also try to prove it without ASAN.
opj_dwt_norms_real[4][10]is define in dwt.c:209And in dwt.c:1979, it try to read :
It has a global buffer overflow when
-n >= 10with-IMF 2K.