Integer Overflow or Wraparound Affecting org.graalvm.sdk:graal-sdk package, versions [,20.3.5) [21.0.0,21.3.1)
19 Jan 2022
18 Jan 2022
How to fix?
Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.
Affected versions of this package are vulnerable to Integer Overflow or Wraparound. A flaw was found in the
BMPImageReader class implementation in the ImageIO component, which allows a specially-crafted BMP image to bypass previously applied protection and cause a Java application to allocate an excessive amount of memory when opened.
This issue is due to an incomplete fix for CVE-2021-35586.
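As an added example (not code from the advisory, nor from the GraalVM or OpenJDK ImageIO sources), the class below parses the BMP geometry fields that drive pixel-buffer allocation and contrasts a naive int-arithmetic size calculation, which silently wraps for a crafted header, with an overflow-checked calculation tested against a cap. The header layout is the standard 14-byte file header plus BITMAPINFOHEADER; the 64 MiB cap, the class and method names, and the crafted 65536x65536 dimensions are assumptions made for illustration.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

public class BmpSizeCheck {
    // Hypothetical cap on the decoded pixel buffer (64 MiB); an assumption, tune per deployment.
    static final long MAX_PIXEL_BYTES = 64L * 1024 * 1024;
    static final int HEADER_LEN = 54; // 14-byte file header + 40-byte BITMAPINFOHEADER

    static final class DibHeader {
        final int width, height, bitsPerPixel;
        DibHeader(int width, int height, int bitsPerPixel) {
            this.width = width; this.height = height; this.bitsPerPixel = bitsPerPixel;
        }
    }

    /** Reads the fields that drive buffer allocation from a BMP with a BITMAPINFOHEADER. */
    static DibHeader parseHeader(byte[] bmp) throws IOException {
        if (bmp.length < HEADER_LEN) throw new IOException("truncated BMP header");
        ByteBuffer buf = ByteBuffer.wrap(bmp).order(ByteOrder.LITTLE_ENDIAN);
        if (buf.get(0) != 'B' || buf.get(1) != 'M') throw new IOException("missing BM signature");
        int dibSize = buf.getInt(14);
        if (dibSize < 40) throw new IOException("unsupported DIB header size " + dibSize);
        int width = buf.getInt(18);
        int height = buf.getInt(22);              // negative height = top-down image
        int bitsPerPixel = buf.getShort(28) & 0xFFFF;
        return new DibHeader(width, height, bitsPerPixel);
    }

    /** The bug class: 32-bit arithmetic wraps, so a gigantic image can compute to a tiny size. */
    static int naivePixelBytes(DibHeader h) {
        return h.width * h.height * (h.bitsPerPixel / 8);
    }

    /** Hardened: validate each field, then size the buffer with overflow-checked long math. */
    static long checkedPixelBytes(DibHeader h) throws IOException {
        if (h.width <= 0 || h.height == 0 || h.height == Integer.MIN_VALUE)
            throw new IOException("invalid dimensions " + h.width + "x" + h.height);
        if (h.bitsPerPixel != 1 && h.bitsPerPixel != 4 && h.bitsPerPixel != 8
                && h.bitsPerPixel != 16 && h.bitsPerPixel != 24 && h.bitsPerPixel != 32)
            throw new IOException("invalid bit depth " + h.bitsPerPixel);
        try {
            // BMP rows are padded to 4-byte boundaries: stride = ((width * bpp + 31) / 32) * 4
            long rowBits = Math.multiplyExact((long) h.width, (long) h.bitsPerPixel);
            long stride = (rowBits + 31) / 32 * 4;
            long rows = Math.abs((long) h.height);
            long total = Math.multiplyExact(stride, rows);
            if (total > MAX_PIXEL_BYTES)
                throw new IOException("image declares " + total + " pixel bytes, limit is " + MAX_PIXEL_BYTES);
            return total;
        } catch (ArithmeticException e) {
            throw new IOException("pixel buffer size overflows a long", e);
        }
    }

    /** Constructed test input: a minimal 54-byte header with the given geometry and no pixel data. */
    static byte[] craftHeader(int width, int height, int bitsPerPixel) {
        ByteBuffer buf = ByteBuffer.allocate(HEADER_LEN).order(ByteOrder.LITTLE_ENDIAN);
        buf.put((byte) 'B').put((byte) 'M');
        buf.putInt(HEADER_LEN);      // file size (pixel data omitted)
        buf.putInt(0);               // reserved
        buf.putInt(HEADER_LEN);      // pixel data offset
        buf.putInt(40);              // BITMAPINFOHEADER size
        buf.putInt(width);
        buf.putInt(height);
        buf.putShort((short) 1);     // colour planes
        buf.putShort((short) bitsPerPixel);
        return buf.array();          // remaining fields (compression, sizes, palette) stay zero
    }

    public static void main(String[] args) throws IOException {
        DibHeader benign = parseHeader(craftHeader(640, 480, 24));
        System.out.println("640x480x24: naive=" + naivePixelBytes(benign)
                + " checked=" + checkedPixelBytes(benign));

        // 65536 * 65536 = 2^32, which wraps to 0 in int arithmetic before the bpp multiply.
        DibHeader crafted = parseHeader(craftHeader(65536, 65536, 32));
        System.out.println("65536x65536x32: naive=" + naivePixelBytes(crafted));
        try {
            checkedPixelBytes(crafted);
        } catch (IOException e) {
            System.out.println("rejected: " + e.getMessage()); // declared size exceeds MAX_PIXEL_BYTES
        }
    }
}
```

Placed in front of `ImageIO.read` on untrusted input, a gate like `checkedPixelBytes` rejects absurd declared geometry before any decoder allocates. It is defense in depth only: the advisory does not say which header field the incomplete fix missed, and the library's own header parsing still runs on the bytes, so upgrading to the fixed versions remains the actual remediation.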