graphics/jasper is a (the?) alternate JPEG 2000 CODEC project. It has good support and no currently reported vulns. It is used by graphics/GraphicsMagick and might be an altnernatative. graphics/darktable seems to have optional graphics/ImageMagick and graphics/openjpeg support, so simply unselecting those options should get you past the vulnerability fail. If you need JPEG200 support, I seem to remember in the distant past doing something like this site describes to use graphics/GraphicsMagick instead of graphics/ImageMagick, which would then optionally install graphics/jasper for JPEG2000 support rather than graphics/openjpeg.