Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of
Oracle Java SE (component: Swing). Supported versions that are affected are
Java SE: 7u311, 8u301, 11.0.12, 17; Oracle GraalVM Enterprise Edition:
20.3.3 and 21.2.0. Easily exploitable vulnerability allows unauthenticated
attacker with network access via multiple protocols to compromise Java SE,
Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability
can result in unauthorized ability to cause a partial denial of service
(partial DOS) of Java SE, Oracle GraalVM Enterprise Edition. Note: This
vulnerability applies to Java deployments, typically in clients running
sandboxed Java Web Start applications or sandboxed Java applets, that load
and run untrusted code (e.g., code that comes from the internet) and rely
on the Java sandbox for security. This vulnerability can also be exploited
by using APIs in the specified Component, e.g., through a web service which
supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts).
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

It was discovered that the Rich Text Format (RTF) Reader in OpenJDK
did not properly restrict the amount of memory allocated in some
situations. An attacker could use this to specially craft an RTF
file that caused a denial of service.