Apache POI Denial of Service Vulnerability in Document Processing
CVE-2012-0213

Currently unrated

Key Information:

Vendor

Apache
Status
Poi
Vendor
CVE Published:
7 August 2012

What is CVE-2012-0213?

The UnhandledDataStructure function in the Apache POI library versions 3.8 and earlier is susceptible to a denial of service attack. By submitting a specially crafted document with manipulated length values in the Channel Definition Format (CDF) or Compound File Binary Format (CFBF), an attacker can trigger an OutOfMemoryError. This may lead to JVM instability, affecting the availability of applications relying on Apache POI for document processing. Organizations utilizing these versions of Apache POI should take immediate actions to ensure proper input validation and consider upgrading to a secure version to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www-01.ibm.com/support/docview.wss?uid=swg21996759
x_refsource_CONFIRM
http://secunia.com/advisories/49040
third-party-advisoryx_refsource_SECUNIA
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...
x_refsource_CONFIRM

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.