PT-2020-3592 · Oracle+5 · Java Se+6

Published

2020-07-14

·

Updated

2026-05-08

·

CVE-2020-14562

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions Java SE versions 11.0.7 and 14.0.1
Description The issue is related to insufficient input validation in the ImageIO component of Oracle Java SE, allowing a remote attacker to cause a partial denial of service via multiple protocols. This vulnerability applies to Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, and rely on the Java sandbox for security. It does not apply to Java deployments that load and run only trusted code, typically in servers.
Recommendations For Java SE version 11.0.7, update to a version that includes the fix for this issue. For Java SE version 14.0.1, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the use of the ImageIO component until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2020-03926
BIT-JAVA-2020-14562
BIT-JAVA-MIN-2020-14562
BIT-JRE-2020-14562
CESA-2020_2969
CESA-2020_2970
CVE-2020-14562
DSA-4734-1
OESA-2024-2485
OESA-2024-2486
OESA-2024-2487
OESA-2024-2488
OESA-2024-2489
OPENSUSE-SU-2020:1175-1
OPENSUSE-SU-2020:1191-1
OPENSUSE-SU-2020_1175-1
OPENSUSE-SU-2020_1191-1
OPENSUSE-SU-2024:10871-1
OPENSUSE-SU-2024:10872-1
OPENSUSE-SU-2024:10873-1
RHSA-2020:2969
RHSA-2020:2970
RHSA-2020:3098
RHSA-2020:3099
RHSA-2020_2969
RHSA-2020_2970
SUSE-SU-2020:2008-1
SUSE-SU-2020:2143-1
USN-4433-1

Affected Products

Centos
Java Platform
Java Se
Linuxmint
Red Hat
Suse
Ubuntu