A flaw was found in the color management code in the 2D component of OpenJDK. A specially-crafted image file could cause a Java application to disclose portion of its memory.
Public now via Oracle CPU July 2020:
Fixed in Oracle Java SE 14.0.2, 11.0.8, and 8u261.
OpenJDK-11 upstream commit:
OpenJDK-8 upstream commit:
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
The fix for this CVE affects the code of the LittleCMS / lcms project that is embedded in the OpenJDK sources. The patch consists of two parts:
- Increase of the Colorant buffer size in the WriteNamedColorCRD() function.
- A change of compiler flags to work around Xcode / clang bug on MacOS.
The Colorant buffer size increase was applied to the LittleCMS upstream code via the following pull request and commit:
While the fix there is described as buffer overflow fix, the further analysis of the code showed that the overflow was not actually possible because of what data gets stored in the buffer. Hence that part of the OpenJDK commit does not have any security impact.
The other part of the OpenJDK commit has to be relevant to this CVE. However, as that problems is specific to MacOS builds of OpenJDK, it does not affect any OpenJDK packages distributed by Red Hat.