List: oss-security
Subject: [oss-security] CVE-2017-12626 – Denial of Service Vulnerabilities in
From: Tim Allison <tallison () apache ! org>
Date: 2018-01-26 19:31:27
Message-ID: 1190211676.1193152.1516995087060 () mail ! yahoo ! com
Title: CVE-2017-12626 – Denial of Service Vulnerabilities in Apache POI < 3.17
Severity: Important
Vendor: The Apache Software Foundation
Versions affected: versions prior to version 3.17
Description:
Apache POI versions prior to release 3.17 are vulnerable to Denial of Service Attacks:
* Infinite Loops while parsing specially crafted WMF, EMF, MSG and macros
(POI bugs 61338 [0] and 61294 [1])
* Out of Memory Exceptions while parsing specially crafted DOC, PPT and XLS
(POI bugs 52372 [2] and 61295 [3])
Mitigation: Users with applications which accept content from external or untrusted sources are advised to upgrade to Apache POI 3.17 or newer.
-Tim Allison
on behalf of the Apache POI PMC
[0] https://bz.apache.org/bugzilla/show_bug.cgi?id=61338
[1] https://bz.apache.org/bugzilla/show_bug.cgi?id=61294
[2] https://bz.apache.org/bugzilla/show_bug.cgi?id=52372
[3] https://bz.apache.org/bugzilla/show_bug.cgi?id=61295
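
One way to find deployments that still need the upgrade described above, as an added example that is not part of the original advisory: a Python scan of a directory tree for Apache POI jars older than release 3.17. It assumes jars keep their published artifact file names, and it treats 3.17 alpha/beta/rc builds as affected because the advisory says "prior to release 3.17".

```python
import re
import sys
from pathlib import Path

FIXED = (3, 17)  # release the advisory names as the upgrade target

# Assumption: jars keep the artifact names Apache POI publishes
# (poi, poi-ooxml, poi-ooxml-schemas, poi-scratchpad, poi-excelant, poi-examples).
# Look-alike third-party names such as poi-tl are deliberately not matched.
POI_JAR = re.compile(
    r"(poi(?:-(?:ooxml-schemas|ooxml|scratchpad|excelant|examples))?)"
    r"-(\d+(?:\.\d+)+)(?:-([A-Za-z0-9.-]+))?\.jar"
)
# Assumption: pre-release builds carry one of these markers in the qualifier.
PRERELEASE = re.compile(r"alpha|beta|rc", re.IGNORECASE)


def is_affected(jar_name):
    """True/False for a POI jar file name, None when it is not a POI artifact."""
    m = POI_JAR.fullmatch(jar_name)
    if m is None:
        return None
    # Compare numerically: as strings, "3.9" would sort after "3.17".
    version = tuple(int(part) for part in m.group(2).split("."))
    qualifier = m.group(3) or ""
    if version < FIXED:
        return True
    return version == FIXED and bool(PRERELEASE.search(qualifier))


def scan(root):
    """Return sorted paths of affected POI jars found anywhere under root."""
    return sorted(str(p) for p in Path(root).rglob("*.jar") if is_affected(p.name))


if __name__ == "__main__":
    hits = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("\n".join(hits))
    sys.exit(1 if hits else 0)  # non-zero exit lets a CI job fail on a hit
```

A file-name scan does not see POI classes repackaged inside shaded or fat jars, so the build's resolved dependency list should be checked as well.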