First published: Tue Jul 14 2020
It was discovered that the TIFF plugin in the ImageIO component of OpenJDK did not restrict the amount of memory allocated when reading TIFF image files. A specially crafted TIFF file could cause a Java application using ImageIO to allocate an excessive amount of memory, disproportionate to the image size.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <11-openjdk-1:11.0.8.10-0.el7_8 | 11-openjdk-1:11.0.8.10-0.el7_8 |
redhat/java | <11-openjdk-1:11.0.8.10-0.el8_2 | 11-openjdk-1:11.0.8.10-0.el8_2 |
redhat/java | <11-openjdk-1:11.0.8.10-0.el8_0 | 11-openjdk-1:11.0.8.10-0.el8_0 |
redhat/java | <11-openjdk-1:11.0.8.10-0.el8_1 | 11-openjdk-1:11.0.8.10-0.el8_1 |
debian/openjdk-11 | 11.0.24+8-2~deb11u1 11.0.26+4-1~deb11u1 11.0.27~4ea-1 | |
Oracle Java SE 7 | =11.0.7 | |
Oracle Java SE 7 | =14.0.1 | |
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.50.2 | |
NetApp SANtricity Storage Manager | | |
NetApp SANtricity Unified Manager | | |
NetApp E-Series SANtricity Web Services | | |
Red Hat Fedora | =31 | |
Red Hat Fedora | =32 | |
SUSE Linux | =15.1 | |
SUSE Linux | =15.2 | |
Debian Linux | =10.0 | |
Ubuntu | =18.04 | |
Ubuntu | =20.04 | |
The vulnerability ID for this Java SE vulnerability is CVE-2020-14562.
This vulnerability affects the ImageIO component of Oracle Java SE.
Java SE versions 11.0.7 and 14.0.1 are affected by this vulnerability.
An unauthenticated attacker with network access can exploit this vulnerability via multiple protocols to compromise Java SE.
The severity of this vulnerability is medium with a CVSS score of 5.3.