List: oss-security
Subject: [oss-security] CVE-2022-26336: poi-scratchpad: A carefully crafted TNEF file can cause an out of mem
From: PJ Fanning <fanningpj () apache ! org>
Date: 2022-03-04 11:04:02
Message-ID: 916e8648-6c5b-ae73-8a09-549c6c10bbf7 () apache ! org
Severity: moderate
Description:
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an
Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and
Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the
application allows untrusted users to supply them, then a carefully crafted file can cause an
Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions.
Users are recommended to upgrade to poi-scratchpad 5.2.1.
This issue is being tracked as https://bz.apache.org/bugzilla/show_bug.cgi?id=65899
Credit:
Apache POI would like to thank Craig Haft of Yahoo Inc. for reporting and providing a patch for
this issue.
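
The affected range stated above (5.2.0 and prior, fixed in 5.2.1) can be checked against a build's resolved dependencies. The following is an added example, not part of the original advisory or of Apache POI; it assumes Maven coordinates in the form printed by `mvn dependency:list`, the `org.apache.poi` groupId, and a constructed sample listing.

```python
import re

ARTIFACT = "org.apache.poi:poi-scratchpad"  # groupId:artifactId (groupId assumed)
LAST_AFFECTED = (5, 2, 0)  # advisory: 5.2.0 and prior versions
FIXED = (5, 2, 1)          # advisory: upgrade to 5.2.1

def classify(version):
    """Return 'affected', 'ok' or 'unknown' for one version string."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$", version)
    if not m:
        return "unknown"  # not a numeric version, needs manual review
    nums = tuple(int(g or 0) for g in m.group(1, 2, 3))
    qualifier = m.group(4)
    if nums <= LAST_AFFECTED:
        return "affected"  # includes qualified builds such as 3.17-beta1
    if nums == FIXED and qualifier:
        return "unknown"  # e.g. 5.2.1-SNAPSHOT may predate the fix
    return "ok"

def scan(dependency_list_text):
    """Find poi-scratchpad coordinates and classify each resolved version."""
    findings = []
    for line in dependency_list_text.splitlines():
        for token in line.split():
            # groupId:artifactId:type[:classifier]:version:scope
            parts = token.split(":")
            if len(parts) not in (5, 6) or ":".join(parts[:2]) != ARTIFACT:
                continue
            version = parts[-2]
            findings.append((version, classify(version)))
    return findings

# Constructed sample in the style of `mvn dependency:list` output.
SAMPLE = """\
[INFO] The following files have been resolved:
[INFO]    org.apache.poi:poi:jar:5.2.0:compile
[INFO]    org.apache.poi:poi-scratchpad:jar:5.2.0:compile
[INFO]    org.apache.poi:poi-scratchpad:jar:5.2.1:compile
[INFO]    org.apache.poi:poi-scratchpad:jar:3.17-beta1:runtime
[INFO]    org.apache.poi:poi-scratchpad:jar:5.2.1-SNAPSHOT:compile
"""

if __name__ == "__main__":
    for version, status in scan(SAMPLE):
        print(f"poi-scratchpad {version}: {status}")
```

A version match alone does not establish exposure: the advisory applies when the application parses TNEF files supplied by untrusted users.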