#VU12842 Infinite loop in Apache POI - CVE-2017-12626
Published: May 18, 2018
Vulnerability identifier: #VU12842
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2017-12626
CWE-ID: CWE-835
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Apache POI
Apache POI
Software vendor:
Apache Foundation
Apache Foundation
Description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to infinite loops while parsing specially crafted WMF, EMF, MSG and macros and out of Memory exceptions while parsing specially crafted DOC, PPT and XLS. A remote attacker can cause the service to crash.
The weakness exists due to infinite loops while parsing specially crafted WMF, EMF, MSG and macros and out of Memory exceptions while parsing specially crafted DOC, PPT and XLS. A remote attacker can cause the service to crash.
Remediation
Update to version 3.17.