Security Vulnerability - Action Required: some unpatched vulnerabilities are detected in your repo

Hi,
our team have developed a recurring vulnerability detection tool. This tool mainly uses static analysis methods, and it has a high detection accuracy in our dataset. We have also received positive feedback from other projects before.
we have scanned your repo(GitHub - ONLYOFFICE/core: Server core components which are a part of ONLYOFFICE Document Server) and found some vulnerabilities, here are some details as follows:

  1. pixFewColorsOctcubeQuantMixed functions in the file DesktopEditor/raster/JBig2/source/LeptonLib/colorquant1.cpp. It may allow a heap-based buffer over-read. This vulnerability shares a similarity to CVE-2020-36281 and the fix of this CVE is Fixed issue 22140 in oss-fuzz: Heap-buffer-overflow · DanBloomberg/leptonica@5ee24b3 · GitHub
  2. findNextBorderPixel function in the file DesktopEditor/raster/JBig2/source/LeptonLib/ccbord.cpp. They may have a vulnerability that allows a heap-based buffer over-read. This vulnerability shares a similarity to CVE-2020-36278 and the fix of this CVE is Issue 23433 in oss-fuzz: Heap-buffer-overflow in findNextBorderPixel() · DanBloomberg/leptonica@8d6e175 · GitHub
    Would you can help to check if this bug is true? If it’s true, please try to fix it, or I’d like to open a PR for that if necessary. Thank you for your effort and patience!

Hello @Crispy-fried-chicken
We are checking the situation. I will update this thread as soon as possible.

Thank you for bringing this situation to our attention. We have started working on it.
Additionally, thank you for the links to the fixes, we will check them out.
I will update this thread once we have something to share.