VDB
CVE-2017-12626
CVE-2017-12626
PUBLISHED
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).
EPSS 1.11% · 78.5th percentile
Risk Scores
EPSS Score
1.11%
78.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | libapache-poi-java | 0, 4.0.1-1~18.03, 3.10.1-3 |
| Ubuntu:16.04:LTS | libapache-poi-java | 0, 3.10.1-2 |
Exploit Intelligence
Timeline
- Jan 29, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 15, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 13, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-12626 third-party-advisory
- https://bz.apache.org/bugzilla/show_bug.cgi?id=61338 third-party-advisory
- https://bz.apache.org/bugzilla/show_bug.cgi?id=61294 third-party-advisory
- https://bz.apache.org/bugzilla/show_bug.cgi?id=52372 third-party-advisory
- https://bz.apache.org/bugzilla/show_bug.cgi?id=61295 third-party-advisory
- https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f4e5ea1645ddd6960b@%3Cdev.poi.apache.org%3E third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-12626 third-party-advisory