CVE-2017-12626 – org.apache:poi

Package

Manager: maven
Name: org.apache:poi
Vulnerable Version: >=0 <3.17

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Affected versions of this package are vulnerable to Denial of Service (DoS) in two possible scenarios. Infinite Loops while parsing crafted WMF, EMF, MSG and macros, and Out of Memory Exceptions while parsing crafted DOC, PPT and XLS.

Metadata

Created:
Modified:
Source: MANUAL
CWE IDs: ["CWE-835"]
Alternative ID: N/A
Finding: F138
Auto approve: 1