CVE-2017-12626

CWE-835 | 15 documents | 9 sources
Severity: 7.5 HIGH
EPSS: 1.3% (top 20.48%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 29; Latest update Apr 15

Description

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

NVD: apache/poi < 3.17
Maven: org.apache.poi:poi < 3.17
Debian: libapache-poi-java < 3.17-1+3

Vulnerability Details (4)

GHSA: Denial of Service in Apache POI (2021-01-14)
OSV: Denial of Service in Apache POI (2021-01-14)
OSV: CVE-2017-12626: Apache POI in versions prior to release 3 (2018-01-29)
CVEList: CVE-2017-12626: Apache POI in versions prior to release 3 (2018-01-29)

Vendor Advisories (8)

Oracle: Oracle Retail Applications Risk Matrix: Sales Audit Maintenance (Apache POI) — CVE-2017-12626 (2021-04-15)
Oracle: Oracle Fusion Middleware Risk Matrix: General (Apache POI) — CVE-2017-12626 (2021-01-15)
Oracle: Oracle Insurance Applications Risk Matrix: Architecture (Apache POI) — CVE-2017-12626 (2020-07-15)
Oracle: Oracle Communications Applications Risk Matrix: IDIH Visualization (Apache POI) — CVE-2017-12626 (2020-04-15)
Oracle: Oracle Enterprise Manager Risk Matrix: Load Testing for Web Apps (Apache POI) — CVE-2017-12626 (2020-01-15)

Community (2)

Bugzilla: CVE-2017-12626 poi: Parsing of multiple file types can cause a denial of service via infinite loop or out of memory exception (2018-01-30)
Bugzilla: CVE-2017-12626 apache-poi: poi: Parsing of multiple file types can cause a denial of service via infinite loop or out of memory exception [fedora-all] (2018-01-30)
CVE-2017-12626 (HIGH CVSS 7.5) | Apache POI in versions prior to rel | cvebase.io