Published: 04/03/2022 Updated: 07/12/2022

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an malicious user to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache poi
netapp active iq unified manager -

Synopsis Important: Red Hat Fuse 7110 release and security update Type/Severity Security Advisory: Important Topic A minor version update (from 710 to 711) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security has rated this update ...

A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server) If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully craf ...

CWE-20 CWE-770 https://lists.apache.org/thread/sprg0kq986pc2271dc3v2oxb1f9qx09j https://security.netapp.com/advisory/ntap-20221028-0006/https://access.redhat.com/errata/RHSA-2022:5532 https://nvd.nist.gov

CVE-2022-26336

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect