Apache POI Vulnerabilities: Denial of Service Attacks through Crafted Files

Apache POI Vulnerabilities: Denial of Service Attacks through Crafted Files

CVE-2017-12626 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).

Learn more about our Web Application Penetration Testing UK.