Denial of Service Vulnerability in Apache POI Prior to Version 3.17
CVE-2017-12626

7.5HIGH

Key Information:

Vendor
Apache
Status
Apache Poi
Vendor
CVE Published:
26 January 2018

Summary

Apache POI versions prior to 3.17 are susceptible to Denial of Service attacks. Specifically, the vulnerability manifests through infinite loops during the parsing of crafted WMF, EMF, MSG files, and memory exhaustion when handling DOC, PPT, and XLS files. This can lead to significant disruption in service availability. Security updates are recommended to mitigate this risk.

Affected Version(s)

Apache POI < 3.17

References

https://access.redhat.com/errata/RHSA-2018:1322
vendor-advisoryx_refsource_REDHAT
https://lists.apache.org/thread.html/453d9af5dbabaccd9afb...
mailing-listx_refsource_MLIST
http://www.securityfocus.com/bid/102879
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.