CVE-2012-0213

Currently unrated

Key Information:

Vendor: Apache
Status: Poi
Vendor: CVE Published:; 7 August 2012

Summary

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.

References

http://www-01.ibm.com/support/docview.wss?uid=swg21996759

x_refsource_CONFIRM

http://secunia.com/advisories/49040

third-party-advisoryx_refsource_SECUNIA

https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...

x_refsource_CONFIRM

Timeline

Vulnerability published
Aug 7, 2012
Vulnerability Reserved
Dec 14, 2011