Fedora Account System
Red Hat Associate
Red Hat Customer
It was discovered that the TIFF plugin in the ImageIO component of OpenJDK did not restrict the amount of memory allocated when reading TIFF image files. A specially-crafted TIFF file could cause a Java application using ImageIO to allocate an excessive amount of memory disproportionate to the image size.
Public now via Oracle CPU July 2020: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixJAVA Fixed in Oracle Java SE 14.0.2 and 11.0.8.
OpenJDK-11 upstream commit: http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/b76559430fce
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:2970 https://access.redhat.com/errata/RHSA-2020:2970
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:2969 https://access.redhat.com/errata/RHSA-2020:2969
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions Via RHSA-2020:3098 https://access.redhat.com/errata/RHSA-2020:3098
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2020:3099 https://access.redhat.com/errata/RHSA-2020:3099
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-14562