First published: Mon Jan 17 2022(Updated: )
A flaw was found in the way the TIFFNullDecompressor class implementation in the ImageIO component of OpenJDK performed reading of uncompressed TIFF files. A specially-crafted TIFF image could cause the decompressor to create image objects with an inconsistent state due to failure to fully read the image.
Credit: secalert_us@oracle.com secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <11-openjdk-1:11.0.14.0.9-1.el7_9 | 11-openjdk-1:11.0.14.0.9-1.el7_9 |
redhat/java | <17-openjdk-1:17.0.2.0.8-4.el8_5 | 17-openjdk-1:17.0.2.0.8-4.el8_5 |
redhat/java | <11-openjdk-1:11.0.14.0.9-2.el8_5 | 11-openjdk-1:11.0.14.0.9-2.el8_5 |
redhat/java | <11-openjdk-1:11.0.14.0.9-1.el8_1 | 11-openjdk-1:11.0.14.0.9-1.el8_1 |
redhat/java | <11-openjdk-1:11.0.14.0.9-1.el8_2 | 11-openjdk-1:11.0.14.0.9-1.el8_2 |
redhat/java | <11-openjdk-1:11.0.14.0.9-2.el8_4 | 11-openjdk-1:11.0.14.0.9-2.el8_4 |
debian/openjdk-11 | 11.0.16+8-1~deb10u1 11.0.21+9-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1~deb11u1 11.0.22~6ea-1 | |
debian/openjdk-17 | 17.0.7+7-1~deb11u1 17.0.9+9-1~deb11u1 17.0.9+9-1~deb12u1 17.0.9+9-2 17.0.10~6ea-1 | |
Oracle GraalVM | =20.3.4 | |
Oracle GraalVM | =21.3.0 | |
Oracle JDK | =11.0.13 | |
Oracle JDK | =17.0.1 | |
Oracle JRE | =11.0.13 | |
Oracle JRE | =17.0.1 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Netapp Cloud Insights | ||
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.70.1 | |
Netapp E-series Santricity Storage Manager | ||
Netapp E-series Santricity Web Services Web Services Proxy | ||
Netapp Hci Management Node | ||
NetApp OnCommand Insight | ||
NetApp OnCommand Workflow Automation | ||
Netapp Santricity Unified Manager | ||
Netapp Snapmanager Oracle | ||
Netapp Snapmanager Sap | ||
Netapp Solidfire | ||
Oracle OpenJDK | >=11<=11.0.13 | |
Oracle OpenJDK | >=13<=13.0.9 | |
Oracle OpenJDK | >=15<=15.0.5 | |
Oracle OpenJDK | =17 | |
Oracle OpenJDK | =17.0.1 | |
NetApp 7-Mode Transition Tool | ||
Netapp Active Iq Unified Manager Vmware Vsphere | ||
Netapp Active Iq Unified Manager Windows | ||
Netapp Cloud Insights Acquisition Unit | ||
Netapp Cloud Secure Agent | ||
Netapp Santricity Storage Plugin Vcenter |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
The vulnerability ID is CVE-2022-21277.
The affected software includes Oracle Java SE (versions 11.0.13 and 17.0.1) and Oracle GraalVM Enterprise Edition (versions 20.3.4 and 21.3.0).
The vulnerability has a severity rating of 5.3 (medium).
To fix the vulnerability, update your Oracle Java SE or Oracle GraalVM Enterprise Edition to the latest patched version.
You can find more information about the vulnerability in the official Oracle security advisory (link: https://www.oracle.com/security-alerts/cpujan2022.html#AppendixJAVA) and the Red Hat security advisories (links: https://access.redhat.com/errata/RHSA-2022:0161, https://access.redhat.com/errata/RHSA-2022:0233).