Candidate: CVE-2017-12626
PublicDate: 2018-01-29 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12626
 https://bz.apache.org/bugzilla/show_bug.cgi?id=61338
 https://bz.apache.org/bugzilla/show_bug.cgi?id=61294
 https://bz.apache.org/bugzilla/show_bug.cgi?id=52372
 https://bz.apache.org/bugzilla/show_bug.cgi?id=61295
 https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b@%3Cdev.poi.apache.org%3E
Description:
 Apache POI in versions prior to release 3.17 are vulnerable to Denial of
 Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and
 macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while
 parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888651
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_libapache-poi-java:
upstream_libapache-poi-java: released (3.17-1)
precise/esm_libapache-poi-java: DNE
trusty_libapache-poi-java: ignored (reached end-of-life)
trusty/esm_libapache-poi-java: DNE (trusty was needed)
xenial_libapache-poi-java: ignored (end of standard support, was needed)
artful_libapache-poi-java: ignored (reached end-of-life)
bionic_libapache-poi-java: needed
cosmic_libapache-poi-java: ignored (reached end-of-life)
disco_libapache-poi-java: not-affected (4.0.1-1)
eoan_libapache-poi-java: not-affected (4.0.1-1)
focal_libapache-poi-java: not-affected (4.0.1-1)
groovy_libapache-poi-java: not-affected (4.0.1-1)
hirsute_libapache-poi-java: not-affected (4.0.1-1)
impish_libapache-poi-java: not-affected (4.0.1-1)
jammy_libapache-poi-java: not-affected (4.0.1-1)
devel_libapache-poi-java: not-affected (4.0.1-1)