CVE-2017-12626

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Poi
Vendor: CVE Published:; 26 January 2018

Summary

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).

Affected Version(s)

Apache POI < 3.17

References

https://access.redhat.com/errata/RHSA-2018:1322

vendor-advisoryx_refsource_REDHAT

https://lists.apache.org/thread.html/453d9af5dbabaccd9afb...

mailing-listx_refsource_MLIST

http://www.securityfocus.com/bid/102879

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 26, 2018
Vulnerability Reserved
Aug 7, 2017

.