https://bugzilla.redhat.com/show_bug.cgi?id=1539989
Bug ID: 1539989
Summary: CVE-2017-12626 poi: Parsing of multiple file types can
cause a denial of service via infinite loop or out of
memory exception
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: sfowler(a)redhat.com
CC: aileenc(a)redhat.com, alazarot(a)redhat.com,
anstephe(a)redhat.com, chazlett(a)redhat.com,
etirelli(a)redhat.com, gvarsami(a)redhat.com,
hchiorea(a)redhat.com, ibek(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jcoleman(a)redhat.com, jolee(a)redhat.com,
jstastny(a)redhat.com, kconner(a)redhat.com,
kverlaen(a)redhat.com, ldimaggi(a)redhat.com,
lef(a)fedoraproject.org, lpetrovi(a)redhat.com,
mat.booth(a)redhat.com, nwallace(a)redhat.com,
paradhya(a)redhat.com, pavelp(a)redhat.com,
pszubiak(a)redhat.com, rrajasek(a)redhat.com,
rsynek(a)redhat.com, rwagner(a)redhat.com,
rzhang(a)redhat.com, sdaley(a)redhat.com,
tcunning(a)redhat.com, tkirby(a)redhat.com,
vhalbert(a)redhat.com
Apache POI versions prior to release 3.17 are vulnerable to Denial of Service
(DoS) attacks caused by multiple bugs in parsing specially crafted files.
Parsing of WMF, EMF, MSG files and macros can lead to infinite loops, while
parsing DOC, PPT and XLS files can cause out of memory exceptions.
External References:
https://nvd.nist.gov/vuln/detail/CVE-2017-12626
https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e...