Apache POI Denial of Service Vulnerability in Document Processing
CVE-2012-0213
Currently unrated
Summary
The UnhandledDataStructure function in Apache POI versions 3.8 and earlier is susceptible to a denial-of-service attack. By submitting a specially crafted document with manipulated length values in the Channel Definition Format (CDF) or Compound File Binary Format (CFBF), an attacker can trigger an OutOfMemoryError. This may destabilize the JVM and affect the availability of applications that rely on Apache POI for document processing. Organizations using these versions of Apache POI should act immediately to ensure proper input validation and should consider upgrading to a secure version to mitigate this risk.
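The failure mode described in the summary, as an added example that is not Apache POI's code: a hypothetical length-prefixed record reader that sizes its buffer from the file's own length field, next to a version that validates that length before allocating. The record layout, `MAX_RECORD_BYTES`, and the class and method names are assumptions for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

public class BoundedRecordRead {
    // Assumed policy cap for one record; set it to the largest legitimate record you expect.
    static final int MAX_RECORD_BYTES = 1 << 20;

    // Unsafe pattern: the length field from the document sizes the allocation directly.
    static byte[] readUnchecked(ByteBuffer in) {
        int declared = in.getInt();
        byte[] data = new byte[declared];   // a huge declared value becomes a huge heap request
        in.get(data);
        return data;
    }

    // Hardened pattern: reject lengths that are negative, above the cap,
    // or larger than the bytes actually left in the input.
    static byte[] readChecked(ByteBuffer in) {
        if (in.remaining() < Integer.BYTES) {
            throw new IllegalArgumentException("truncated length field");
        }
        int declared = in.getInt();
        if (declared < 0 || declared > MAX_RECORD_BYTES || declared > in.remaining()) {
            throw new IllegalArgumentException("implausible record length: " + declared
                    + " (remaining " + in.remaining() + ")");
        }
        byte[] data = new byte[declared];
        in.get(data);
        return data;
    }

    public static void main(String[] args) {
        // Constructed sample: 4-byte little-endian length followed by a 4-byte payload.
        ByteBuffer good = ByteBuffer.allocate(8).order(ByteOrder.LITTLE_ENDIAN);
        good.putInt(4).put(new byte[] {1, 2, 3, 4}).flip();
        System.out.println("good record: " + readChecked(good).length + " bytes");

        // Constructed sample: same layout, but the length field claims far more than is present.
        ByteBuffer bad = ByteBuffer.allocate(8).order(ByteOrder.LITTLE_ENDIAN);
        bad.putInt(0x7FFFFFF0).put(new byte[] {1, 2, 3, 4}).flip();
        try {
            readChecked(bad);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Comparing the declared length with `in.remaining()` is the check that scales with the input: a document cannot claim more data than it actually contains, whatever the cap is set to.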
EPSS Score
13% chance of being exploited in the next 30 days.