First published: Mon Jan 17 2022
A flaw was found in the way the BMPImageReader class implementation in the ImageIO component of OpenJDK performed memory allocations when reading palette information from BMP images. A specially crafted BMP file could cause a Java application to consume an excessive amount of memory when opened.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/java | <11-openjdk-1:11.0.14.0.9-1.el7_9 | 11-openjdk-1:11.0.14.0.9-1.el7_9 |
redhat/java | <1.8.0-openjdk-1:1.8.0.322.b06-1.el7_9 | 1.8.0-openjdk-1:1.8.0.322.b06-1.el7_9 |
redhat/java | <1.8.0-ibm-1:1.8.0.7.5-1jpp.1.el7 | 1.8.0-ibm-1:1.8.0.7.5-1jpp.1.el7 |
redhat/java | <1.7.1-ibm-1:1.7.1.5.5-1jpp.1.el7 | 1.7.1-ibm-1:1.7.1.5.5-1jpp.1.el7 |
redhat/java | <17-openjdk-1:17.0.2.0.8-4.el8_5 | 17-openjdk-1:17.0.2.0.8-4.el8_5 |
redhat/java | <11-openjdk-1:11.0.14.0.9-2.el8_5 | 11-openjdk-1:11.0.14.0.9-2.el8_5 |
redhat/java | <1.8.0-openjdk-1:1.8.0.322.b06-2.el8_5 | 1.8.0-openjdk-1:1.8.0.322.b06-2.el8_5 |
redhat/java | <1.8.0-ibm-1:1.8.0.7.5-1.el8_5 | 1.8.0-ibm-1:1.8.0.7.5-1.el8_5 |
redhat/java | <11-openjdk-1:11.0.14.0.9-1.el8_1 | 11-openjdk-1:11.0.14.0.9-1.el8_1 |
redhat/java | <1.8.0-openjdk-1:1.8.0.322.b06-1.el8_1 | 1.8.0-openjdk-1:1.8.0.322.b06-1.el8_1 |
redhat/java | <11-openjdk-1:11.0.14.0.9-1.el8_2 | 11-openjdk-1:11.0.14.0.9-1.el8_2 |
redhat/java | <1.8.0-openjdk-1:1.8.0.322.b06-1.el8_2 | 1.8.0-openjdk-1:1.8.0.322.b06-1.el8_2 |
redhat/java | <11-openjdk-1:11.0.14.0.9-2.el8_4 | 11-openjdk-1:11.0.14.0.9-2.el8_4 |
redhat/java | <1.8.0-openjdk-1:1.8.0.322.b06-2.el8_4 | 1.8.0-openjdk-1:1.8.0.322.b06-2.el8_4 |
debian/openjdk-11 | 11.0.16+8-1~deb10u1 11.0.21+9-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1~deb11u1 11.0.22~6ea-1 | |
debian/openjdk-17 | 17.0.7+7-1~deb11u1 17.0.9+9-1~deb11u1 17.0.9+9-1~deb12u1 17.0.9+9-2 17.0.10~6ea-1 | |
debian/openjdk-8 | 8u392-ga-1 | |
Oracle GraalVM | =20.3.4 | |
Oracle GraalVM | =21.3.0 | |
Oracle JDK | =1.7.0-update321 | |
Oracle JDK | =1.8.0-update311 | |
Oracle JDK | =11.0.13 | |
Oracle JDK | =17.0.1 | |
Oracle JRE | =1.7.0-update321 | |
Oracle JRE | =1.8.0-update311 | |
Oracle JRE | =11.0.13 | |
Oracle JRE | =17.0.1 | |
NetApp 7-Mode Transition Tool | | |
Netapp Cloud Insights | | |
NetApp E-Series SANtricity OS Controller | >=11.0.0<=11.70.1 | |
Netapp E-series Santricity Storage Manager | | |
Netapp E-series Santricity Web Services Web Services Proxy | | |
Netapp Hci Management Node | | |
NetApp OnCommand Insight | | |
NetApp OnCommand Workflow Automation | | |
Netapp Santricity Unified Manager | | |
Netapp Snapmanager Oracle | | |
Netapp Snapmanager Sap | | |
Netapp Solidfire | | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Oracle OpenJDK | >=11<=11.0.13 | |
Oracle OpenJDK | >=13<=13.0.9 | |
Oracle OpenJDK | >=15<=15.0.5 | |
Oracle OpenJDK | =7 | |
Oracle OpenJDK | =7-update1 | |
Oracle OpenJDK | =7-update10 | |
Oracle OpenJDK | =7-update101 | |
Oracle OpenJDK | =7-update11 | |
Oracle OpenJDK | =7-update111 | |
Oracle OpenJDK | =7-update121 | |
Oracle OpenJDK | =7-update13 | |
Oracle OpenJDK | =7-update131 | |
Oracle OpenJDK | =7-update141 | |
Oracle OpenJDK | =7-update15 | |
Oracle OpenJDK | =7-update151 | |
Oracle OpenJDK | =7-update161 | |
Oracle OpenJDK | =7-update17 | |
Oracle OpenJDK | =7-update171 | |
Oracle OpenJDK | =7-update181 | |
Oracle OpenJDK | =7-update191 | |
Oracle OpenJDK | =7-update2 | |
Oracle OpenJDK | =7-update201 | |
Oracle OpenJDK | =7-update21 | |
Oracle OpenJDK | =7-update211 | |
Oracle OpenJDK | =7-update221 | |
Oracle OpenJDK | =7-update231 | |
Oracle OpenJDK | =7-update241 | |
Oracle OpenJDK | =7-update25 | |
Oracle OpenJDK | =7-update251 | |
Oracle OpenJDK | =7-update261 | |
Oracle OpenJDK | =7-update271 | |
Oracle OpenJDK | =7-update281 | |
Oracle OpenJDK | =7-update291 | |
Oracle OpenJDK | =7-update3 | |
Oracle OpenJDK | =7-update301 | |
Oracle OpenJDK | =7-update311 | |
Oracle OpenJDK | =7-update321 | |
Oracle OpenJDK | =7-update4 | |
Oracle OpenJDK | =7-update40 | |
Oracle OpenJDK | =7-update45 | |
Oracle OpenJDK | =7-update5 | |
Oracle OpenJDK | =7-update51 | |
Oracle OpenJDK | =7-update55 | |
Oracle OpenJDK | =7-update6 | |
Oracle OpenJDK | =7-update60 | |
Oracle OpenJDK | =7-update65 | |
Oracle OpenJDK | =7-update67 | |
Oracle OpenJDK | =7-update7 | |
Oracle OpenJDK | =7-update72 | |
Oracle OpenJDK | =7-update76 | |
Oracle OpenJDK | =7-update80 | |
Oracle OpenJDK | =7-update85 | |
Oracle OpenJDK | =7-update9 | |
Oracle OpenJDK | =7-update91 | |
Oracle OpenJDK | =7-update95 | |
Oracle OpenJDK | =7-update97 | |
Oracle OpenJDK | =7-update99 | |
Oracle OpenJDK | =8 | |
Oracle OpenJDK | =8-milestone1 | |
Oracle OpenJDK | =8-milestone2 | |
Oracle OpenJDK | =8-milestone3 | |
Oracle OpenJDK | =8-milestone4 | |
Oracle OpenJDK | =8-milestone5 | |
Oracle OpenJDK | =8-milestone6 | |
Oracle OpenJDK | =8-milestone7 | |
Oracle OpenJDK | =8-milestone8 | |
Oracle OpenJDK | =8-milestone9 | |
Oracle OpenJDK | =8-update101 | |
Oracle OpenJDK | =8-update102 | |
Oracle OpenJDK | =8-update11 | |
Oracle OpenJDK | =8-update111 | |
Oracle OpenJDK | =8-update112 | |
Oracle OpenJDK | =8-update121 | |
Oracle OpenJDK | =8-update131 | |
Oracle OpenJDK | =8-update141 | |
Oracle OpenJDK | =8-update151 | |
Oracle OpenJDK | =8-update152 | |
Oracle OpenJDK | =8-update161 | |
Oracle OpenJDK | =8-update162 | |
Oracle OpenJDK | =8-update171 | |
Oracle OpenJDK | =8-update172 | |
Oracle OpenJDK | =8-update181 | |
Oracle OpenJDK | =8-update191 | |
Oracle OpenJDK | =8-update192 | |
Oracle OpenJDK | =8-update20 | |
Oracle OpenJDK | =8-update201 | |
Oracle OpenJDK | =8-update202 | |
Oracle OpenJDK | =8-update211 | |
Oracle OpenJDK | =8-update212 | |
Oracle OpenJDK | =8-update221 | |
Oracle OpenJDK | =8-update222 | |
Oracle OpenJDK | =8-update231 | |
Oracle OpenJDK | =8-update232 | |
Oracle OpenJDK | =8-update241 | |
Oracle OpenJDK | =8-update242 | |
Oracle OpenJDK | =8-update25 | |
Oracle OpenJDK | =8-update252 | |
Oracle OpenJDK | =8-update262 | |
Oracle OpenJDK | =8-update271 | |
Oracle OpenJDK | =8-update281 | |
Oracle OpenJDK | =8-update282 | |
Oracle OpenJDK | =8-update291 | |
Oracle OpenJDK | =8-update301 | |
Oracle OpenJDK | =8-update302 | |
Oracle OpenJDK | =8-update31 | |
Oracle OpenJDK | =8-update312 | |
Oracle OpenJDK | =8-update40 | |
Oracle OpenJDK | =8-update45 | |
Oracle OpenJDK | =8-update5 | |
Oracle OpenJDK | =8-update51 | |
Oracle OpenJDK | =8-update60 | |
Oracle OpenJDK | =8-update65 | |
Oracle OpenJDK | =8-update66 | |
Oracle OpenJDK | =8-update71 | |
Oracle OpenJDK | =8-update72 | |
Oracle OpenJDK | =8-update73 | |
Oracle OpenJDK | =8-update74 | |
Oracle OpenJDK | =8-update77 | |
Oracle OpenJDK | =8-update91 | |
Oracle OpenJDK | =8-update92 | |
Oracle OpenJDK | =17 | |
Oracle OpenJDK | =17.0.1 | |
Netapp Active Iq Unified Manager Vmware Vsphere | | |
Netapp Active Iq Unified Manager Windows | | |
Netapp Cloud Insights Acquisition Unit | | |
Netapp Cloud Secure Agent | | |
Netapp Santricity Storage Plugin Vcenter | | |
IBM Security Guardium | <=10.5 | |
IBM Security Guardium | <=10.6 | |
IBM Security Guardium | <=11.0 | |
IBM Security Guardium | <=11.1 | |
IBM Security Guardium | <=11.3 | |
IBM Security Guardium | <=11.2 | |
IBM Security Guardium | <=11.4 | |