CVE-2017-12626 — HIGH (7.5)

Q: How severe is CVE-2017-12626?

CVE-2017-12626 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-12626?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Poi.

Vulnerability Description

Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).

CVSS Score

7.5

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Apache	Poi	< 3.17

Related Weaknesses (CWE)

CWE-835

References

FAQ

What is CVE-2017-12626?

CVE-2017-12626 is a vulnerability with a CVSS score of 7.5 (HIGH). Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Mem...

How severe is CVE-2017-12626?

CVE-2017-12626 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-12626?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Poi.