{"id":"CVE-2022-21366","details":"Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).","modified":"2026-04-02T07:44:52.565629Z","published":"2022-01-19T12:15:15.817Z","related":["ALSA-2022:0161","ALSA-2022:0185","SUSE-SU-2022:0730-1","SUSE-SU-2022:0816-1","SUSE-SU-2022:1025-1","SUSE-SU-2022:1026-1","SUSE-SU-2022:1027-1","SUSE-SU-2022:14926-1","SUSE-SU-2022:14927-1","openSUSE-SU-2022:0816-1","openSUSE-SU-2022:0870-1","openSUSE-SU-2022:1027-1","openSUSE-SU-2024:11798-1","openSUSE-SU-2024:11799-1","openSUSE-SU-2024:11800-1","openSUSE-SU-2024:11810-1"],"references":[{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/202209-05"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220121-0007/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5057"},{"type":"ADVISORY","url":"https://www.debian.org/security/2022/dsa-5058"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujan2022.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/graalvm/graalvm-ce-builds","events":[{"introduced":"0"},{"last_affected":"9e3645fe9e0c84e1350c4b88cfb9fdf432c97fce"},{"introduced":"0"},{"last_affected":"2b9eb103d1668cf5eac22fe85bdad7513681d9e3"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"20.3.4"},{"introduced":"0"},{"last_affected":"21.3.0"}]}},{"type":"GIT","repo":"https://github.com/openjdk/jdk","events":[{"introduced":"0"},{"last_affected":"dfacda488bfbe2e11e8d607a6d08527710286982"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"17"}]}},{"type":"GIT","repo":"https://github.com/openjdk/jdk15u","events":[{"introduced":"0"},{"last_affected":"62007a12b80f381c687f60825b20fe0bbeeb5eaa"},{"introduced":"0"},{"last_affected":"a9a271179d2a7952154b7509a999b100cc98b13c"},{"introduced":"4a588d89f01a650d90432cc14697a5a2ae2c97d3"},{"last_affected":"0fa171bd82048dae22daf3bc434cba2af57e7dd9"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"10.0"},{"introduced":"0"},{"last_affected":"11.0"},{"introduced":"15"},{"last_affected":"15.0.5"}]}}],"versions":["jdk-10+0","jdk-10+1","jdk-10+10","jdk-10+11","jdk-10+12","jdk-10+13","jdk-10+14","jdk-10+15","jdk-10+16","jdk-10+17","jdk-10+18","jdk-10+19","jdk-10+2","jdk-10+20","jdk-10+21","jdk-10+22","jdk-10+23","jdk-10+24","jdk-10+25","jdk-10+26","jdk-10+27","jdk-10+28","jdk-10+29","jdk-10+3","jdk-10+30","jdk-10+31","jdk-10+32","jdk-10+33","jdk-10+34","jdk-10+35","jdk-10+36","jdk-10+37","jdk-10+38","jdk-10+39","jdk-10+4","jdk-10+40","jdk-10+41","jdk-10+42","jdk-10+43","jdk-10+44","jdk-10+45","jdk-10+46","jdk-10+5","jdk-10+6","jdk-10+7","jdk-10+8","jdk-10+9","jdk-11+0","jdk-11+1","jdk-11+10","jdk-11+11","jdk-11+12","jdk-11+13","jdk-11+14","jdk-11+15","jdk-11+16","jdk-11+17","jdk-11+18","jdk-11+19","jdk-11+2","jdk-11+20","jdk-11+21","jdk-11+22","jdk-11+23","jdk-11+24","jdk-11+25","jdk-11+26","jdk-11+27","jdk-11+28","jdk-11+3","jdk-11+4","jdk-11+5","jdk-11+6","jdk-11+7","jdk-11+8","jdk-11+9","jdk-11-ga","jdk-12+0","jdk-12+1","jdk-12+10","jdk-12+11","jdk-12+12","jdk-12+13","jdk-12+14","jdk-12+15","jdk-12+16","jdk-12+17","jdk-12+18","jdk-12+19","jdk-12+2","jdk-12+20","jdk-12+21","jdk-12+22","jdk-12+23","jdk-12+24","jdk-12+25","jdk-12+26","jdk-12+27","jdk-12+28","jdk-12+29","jdk-12+3","jdk-12+30","jdk-12+31","jdk-12+32","jdk-12+33","jdk-12+4","jdk-12+5","jdk-12+6","jdk-12+7","jdk-12+8","jdk-12+9","jdk-12-ga","jdk-13+0","jdk-13+1","jdk-13+10","jdk-13+11","jdk-13+12","jdk-13+13","jdk-13+14","jdk-13+15","jdk-13+16","jdk-13+17","jdk-13+18","jdk-13+19","jdk-13+2","jdk-13+20","jdk-13+21","jdk-13+22","jdk-13+23","jdk-13+24","jdk-13+25","jdk-13+26","jdk-13+27","jdk-13+28","jdk-13+29","jdk-13+3","jdk-13+30","jdk-13+31","jdk-13+32","jdk-13+33","jdk-13+4","jdk-13+5","jdk-13+6","jdk-13+7","jdk-13+8","jdk-13+9","jdk-13-ga","jdk-14+0","jdk-14+1","jdk-14+10","jdk-14+11","jdk-14+12","jdk-14+13","jdk-14+14","jdk-14+15","jdk-14+16","jdk-14+17","jdk-14+18","jdk-14+19","jdk-14+2","jdk-14+20","jdk-14+21","jdk-14+22","jdk-14+23","jdk-14+24","jdk-14+25","jdk-14+26","jdk-14+27","jdk-14+28","jdk-14+29","jdk-14+3","jdk-14+30","jdk-14+31","jdk-14+32","jdk-14+33","jdk-14+34","jdk-14+35","jdk-14+36","jdk-14+4","jdk-14+5","jdk-14+6","jdk-14+7","jdk-14+8","jdk-14+9","jdk-14-ga","jdk-15+0","jdk-15+1","jdk-15+10","jdk-15+11","jdk-15+12","jdk-15+13","jdk-15+14","jdk-15+15","jdk-15+16","jdk-15+17","jdk-15+18","jdk-15+19","jdk-15+2","jdk-15+20","jdk-15+21","jdk-15+22","jdk-15+23","jdk-15+24","jdk-15+25","jdk-15+26","jdk-15+27","jdk-15+28","jdk-15+29","jdk-15+3","jdk-15+30","jdk-15+31","jdk-15+32","jdk-15+33","jdk-15+34","jdk-15+35","jdk-15+36","jdk-15+4","jdk-15+5","jdk-15+6","jdk-15+7","jdk-15+8","jdk-15+9","jdk-15-ga","jdk-15.0.1+6","jdk-15.0.1+7","jdk-15.0.1+8","jdk-15.0.1+9","jdk-15.0.1-ga","jdk-15.0.2+1","jdk-15.0.2+2","jdk-15.0.2+3","jdk-15.0.2+4","jdk-15.0.2+5","jdk-15.0.2+6","jdk-15.0.2+7","jdk-15.0.2-ga","jdk-15.0.3+0","jdk-15.0.3+1","jdk-15.0.3+2","jdk-15.0.3+3","jdk-15.0.3-ga","jdk-15.0.4+0","jdk-15.0.4+1","jdk-15.0.4+2","jdk-15.0.4+3","jdk-15.0.4+4","jdk-15.0.4+5","jdk-15.0.4-ga","jdk-15.0.5+0","jdk-15.0.5+1","jdk-15.0.5+2","jdk-15.0.5+3","jdk-15.0.5-ga","jdk-15.0.6+0","jdk-16+0","jdk-16+1","jdk-16+10","jdk-16+11","jdk-16+12","jdk-16+13","jdk-16+14","jdk-16+15","jdk-16+16","jdk-16+17","jdk-16+18","jdk-16+19","jdk-16+2","jdk-16+20","jdk-16+21","jdk-16+22","jdk-16+23","jdk-16+24","jdk-16+25","jdk-16+26","jdk-16+27","jdk-16+28","jdk-16+29","jdk-16+3","jdk-16+30","jdk-16+31","jdk-16+32","jdk-16+33","jdk-16+34","jdk-16+35","jdk-16+36","jdk-16+4","jdk-16+5","jdk-16+6","jdk-16+7","jdk-16+8","jdk-16+9","jdk-16-ga","jdk-17+0","jdk-17+1","jdk-17+10","jdk-17+11","jdk-17+12","jdk-17+13","jdk-17+14","jdk-17+15","jdk-17+16","jdk-17+17","jdk-17+18","jdk-17+19","jdk-17+2","jdk-17+20","jdk-17+21","jdk-17+22","jdk-17+23","jdk-17+24","jdk-17+25","jdk-17+26","jdk-17+27","jdk-17+28","jdk-17+29","jdk-17+3","jdk-17+30","jdk-17+31","jdk-17+32","jdk-17+33","jdk-17+34","jdk-17+35","jdk-17+4","jdk-17+5","jdk-17+6","jdk-17+7","jdk-17+8","jdk-17+9","jdk-17-ga","jdk-18+0","jdk-18+1","jdk-18+2","jdk-18+3","jdk-18+4","jdk-18+5","jdk-18+6","jdk-18+7","jdk-18+8","jdk-18+9","jdk-9+100","jdk-9+101","jdk-9+102","jdk-9+103","jdk-9+104","jdk-9+105","jdk-9+106","jdk-9+107","jdk-9+108","jdk-9+109","jdk-9+110","jdk-9+111","jdk-9+112","jdk-9+113","jdk-9+114","jdk-9+115","jdk-9+116","jdk-9+117","jdk-9+118","jdk-9+119","jdk-9+120","jdk-9+121","jdk-9+122","jdk-9+123","jdk-9+124","jdk-9+125","jdk-9+126","jdk-9+127","jdk-9+128","jdk-9+129","jdk-9+130","jdk-9+131","jdk-9+132","jdk-9+133","jdk-9+134","jdk-9+135","jdk-9+136","jdk-9+137","jdk-9+138","jdk-9+139","jdk-9+140","jdk-9+141","jdk-9+142","jdk-9+143","jdk-9+144","jdk-9+145","jdk-9+146","jdk-9+147","jdk-9+148","jdk-9+149","jdk-9+150","jdk-9+151","jdk-9+152","jdk-9+153","jdk-9+154","jdk-9+155","jdk-9+156","jdk-9+157","jdk-9+158","jdk-9+159","jdk-9+160","jdk-9+161","jdk-9+162","jdk-9+163","jdk-9+164","jdk-9+165","jdk-9+166","jdk-9+167","jdk-9+168","jdk-9+169","jdk-9+170","jdk-9+171","jdk-9+172","jdk-9+173","jdk-9+174","jdk-9+175","jdk-9+176","jdk-9+177","jdk-9+178","jdk-9+179","jdk-9+180","jdk-9+181","jdk-9+95","jdk-9+96","jdk-9+97","jdk-9+98","jdk-9+99","jdk7-b100","jdk7-b101","jdk7-b102","jdk7-b103","jdk7-b104","jdk7-b105","jdk7-b106","jdk7-b107","jdk7-b108","jdk7-b109","jdk7-b110","jdk7-b111","jdk7-b112","jdk7-b113","jdk7-b114","jdk7-b115","jdk7-b116","jdk7-b117","jdk7-b118","jdk7-b119","jdk7-b120","jdk7-b121","jdk7-b122","jdk7-b123","jdk7-b124","jdk7-b125","jdk7-b126","jdk7-b127","jdk7-b128","jdk7-b129","jdk7-b130","jdk7-b131","jdk7-b132","jdk7-b133","jdk7-b134","jdk7-b135","jdk7-b136","jdk7-b137","jdk7-b138","jdk7-b139","jdk7-b140","jdk7-b141","jdk7-b142","jdk7-b143","jdk7-b144","jdk7-b145","jdk7-b146","jdk7-b147","jdk7-b24","jdk7-b25","jdk7-b26","jdk7-b27","jdk7-b28","jdk7-b29","jdk7-b30","jdk7-b31","jdk7-b32","jdk7-b33","jdk7-b34","jdk7-b35","jdk7-b36","jdk7-b37","jdk7-b38","jdk7-b39","jdk7-b40","jdk7-b41","jdk7-b42","jdk7-b43","jdk7-b44","jdk7-b45","jdk7-b46","jdk7-b47","jdk7-b48","jdk7-b49","jdk7-b50","jdk7-b51","jdk7-b52","jdk7-b53","jdk7-b54","jdk7-b55","jdk7-b56","jdk7-b57","jdk7-b58","jdk7-b59","jdk7-b60","jdk7-b61","jdk7-b62","jdk7-b63","jdk7-b64","jdk7-b65","jdk7-b66","jdk7-b67","jdk7-b68","jdk7-b69","jdk7-b70","jdk7-b71","jdk7-b72","jdk7-b73","jdk7-b74","jdk7-b75","jdk7-b76","jdk7-b77","jdk7-b78","jdk7-b79","jdk7-b80","jdk7-b81","jdk7-b82","jdk7-b83","jdk7-b84","jdk7-b85","jdk7-b86","jdk7-b87","jdk7-b88","jdk7-b89","jdk7-b90","jdk7-b91","jdk7-b92","jdk7-b93","jdk7-b94","jdk7-b95","jdk7-b96","jdk7-b97","jdk7-b98","jdk7-b99","jdk8-b01","jdk8-b02","jdk8-b03","jdk8-b04","jdk8-b05","jdk8-b06","jdk8-b07","jdk8-b08","jdk8-b09","jdk8-b10","jdk8-b100","jdk8-b101","jdk8-b102","jdk8-b103","jdk8-b104","jdk8-b105","jdk8-b106","jdk8-b107","jdk8-b108","jdk8-b109","jdk8-b11","jdk8-b110","jdk8-b111","jdk8-b112","jdk8-b113","jdk8-b114","jdk8-b115","jdk8-b116","jdk8-b117","jdk8-b118","jdk8-b119","jdk8-b12","jdk8-b120","jdk8-b13","jdk8-b14","jdk8-b15","jdk8-b16","jdk8-b17","jdk8-b18","jdk8-b19","jdk8-b20","jdk8-b21","jdk8-b22","jdk8-b23","jdk8-b24","jdk8-b25","jdk8-b26","jdk8-b27","jdk8-b28","jdk8-b29","jdk8-b30","jdk8-b31","jdk8-b32","jdk8-b33","jdk8-b34","jdk8-b35","jdk8-b36","jdk8-b37","jdk8-b38","jdk8-b39","jdk8-b40","jdk8-b41","jdk8-b42","jdk8-b43","jdk8-b44","jdk8-b45","jdk8-b46","jdk8-b47","jdk8-b48","jdk8-b49","jdk8-b50","jdk8-b51","jdk8-b52","jdk8-b53","jdk8-b54","jdk8-b55","jdk8-b56","jdk8-b57","jdk8-b58","jdk8-b59","jdk8-b60","jdk8-b61","jdk8-b62","jdk8-b63","jdk8-b64","jdk8-b65","jdk8-b66","jdk8-b67","jdk8-b68","jdk8-b69","jdk8-b70","jdk8-b71","jdk8-b72","jdk8-b73","jdk8-b74","jdk8-b75","jdk8-b76","jdk8-b77","jdk8-b78","jdk8-b79","jdk8-b80","jdk8-b81","jdk8-b82","jdk8-b83","jdk8-b84","jdk8-b85","jdk8-b86","jdk8-b87","jdk8-b88","jdk8-b89","jdk8-b90","jdk8-b91","jdk8-b92","jdk8-b93","jdk8-b94","jdk8-b95","jdk8-b96","jdk8-b97","jdk8-b98","jdk8-b99","jdk9-b00","jdk9-b01","jdk9-b02","jdk9-b03","jdk9-b04","jdk9-b05","jdk9-b06","jdk9-b07","jdk9-b08","jdk9-b09","jdk9-b10","jdk9-b11","jdk9-b12","jdk9-b13","jdk9-b14","jdk9-b15","jdk9-b16","jdk9-b17","jdk9-b18","jdk9-b19","jdk9-b20","jdk9-b21","jdk9-b22","jdk9-b23","jdk9-b24","jdk9-b25","jdk9-b26","jdk9-b27","jdk9-b28","jdk9-b29","jdk9-b30","jdk9-b31","jdk9-b32","jdk9-b33","jdk9-b34","jdk9-b35","jdk9-b36","jdk9-b37","jdk9-b38","jdk9-b39","jdk9-b40","jdk9-b41","jdk9-b42","jdk9-b43","jdk9-b44","jdk9-b45","jdk9-b46","jdk9-b47","jdk9-b48","jdk9-b49","jdk9-b50","jdk9-b51","jdk9-b52","jdk9-b53","jdk9-b54","jdk9-b55","jdk9-b56","jdk9-b57","jdk9-b58","jdk9-b59","jdk9-b60","jdk9-b61","jdk9-b62","jdk9-b63","jdk9-b64","jdk9-b65","jdk9-b66","jdk9-b67","jdk9-b68","jdk9-b69","jdk9-b70","jdk9-b71","jdk9-b72","jdk9-b73","jdk9-b74","jdk9-b75","jdk9-b76","jdk9-b77","jdk9-b78","jdk9-b79","jdk9-b80","jdk9-b81","jdk9-b82","jdk9-b83","jdk9-b84","jdk9-b85","jdk9-b86","jdk9-b87","jdk9-b88","jdk9-b89","jdk9-b90","jdk9-b91","jdk9-b92","jdk9-b93","jdk9-b94","vm-19.3.0","vm-19.3.0.2","vm-19.3.1","vm-19.3.2","vm-19.3.2-pre","vm-19.3.3","vm-19.3.4","vm-19.3.5","vm-19.3.6","vm-20.0.0","vm-20.0.1","vm-20.1.0","vm-20.2.0","vm-20.3.0","vm-20.3.1","vm-20.3.1.2","vm-20.3.2","vm-20.3.3","vm-20.3.4","vm-21.0.0","vm-21.0.0.2","vm-21.1.0","vm-21.2.0","vm-ce-21.2.0"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"11.0.13"}]},{"events":[{"introduced":"0"},{"last_affected":"17.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0.13"}]},{"events":[{"introduced":"0"},{"last_affected":"17.0.1"}]},{"events":[{"introduced":"11.0.0"},{"last_affected":"11.70.1"}]},{"events":[{"introduced":"11"},{"last_affected":"11.0.13"}]},{"events":[{"introduced":"13"},{"last_affected":"13.0.9"}]},{"events":[{"introduced":"0"},{"last_affected":"17.0.1"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-21366.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}