CVE-2017-12626
Publication date 29 January 2018
Last updated 24 July 2024
Ubuntu priority
Cvss 3 Severity Score
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).
Status
Package | Ubuntu Release | Status |
---|---|---|
libapache-poi-java | 24.10 oracular |
Not affected
|
24.04 LTS noble |
Not affected
|
|
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal |
Not affected
|
|
18.04 LTS bionic |
Vulnerable
|
|
16.04 LTS xenial |
Vulnerable
|
|
14.04 LTS trusty | Not in release |
Severity score breakdown
Parameter | Value |
---|---|
Base score |
|
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
References
Other references
- https://bz.apache.org/bugzilla/show_bug.cgi?id=61338
- https://bz.apache.org/bugzilla/show_bug.cgi?id=61294
- https://bz.apache.org/bugzilla/show_bug.cgi?id=52372
- https://bz.apache.org/bugzilla/show_bug.cgi?id=61295
- https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b@%3Cdev.poi.apache.org%3E
- https://www.cve.org/CVERecord?id=CVE-2017-12626