Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2017-12626 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS3 Base Score | 5.3 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | None |
User Interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity Impact | None |
Availability Impact | Low |
Platform | Errata | Release Date |
---|---|---|
Red Hat JBoss Fuse 6.3 | RHSA-2018:1322 | 2018-05-03 |
Red Hat JBoss A-MQ 6.3 | RHSA-2018:1322 | 2018-05-03 |
Platform | Package | State |
---|---|---|
Red Hat JBoss Portal Platform 6 | poi | Will not fix |
Red Hat JBoss Fuse Service Works 6 | poi | Will not fix |
Red Hat JBoss Data Virtualization 6 | poi | Will not fix |
Red Hat JBoss BRMS 6 | poi | Will not fix |
Red Hat JBoss BRMS 5 | poi | Not affected |
Red Hat JBoss BPMS 6 | poi | Will not fix |