https://bugzilla.redhat.com/show_bug.cgi?id=1539989
Bug ID: 1539989
Summary: CVE-2017-12626 poi: Parsing of multiple file types can cause a denial of service via infinite loop or out of memory exception
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team@redhat.com
Reporter: sfowler@redhat.com
CC: aileenc@redhat.com, alazarot@redhat.com, anstephe@redhat.com, chazlett@redhat.com, etirelli@redhat.com, gvarsami@redhat.com, hchiorea@redhat.com, ibek@redhat.com, java-sig-commits@lists.fedoraproject.org, jcoleman@redhat.com, jolee@redhat.com, jstastny@redhat.com, kconner@redhat.com, kverlaen@redhat.com, ldimaggi@redhat.com, lef@fedoraproject.org, lpetrovi@redhat.com, mat.booth@redhat.com, nwallace@redhat.com, paradhya@redhat.com, pavelp@redhat.com, pszubiak@redhat.com, rrajasek@redhat.com, rsynek@redhat.com, rwagner@redhat.com, rzhang@redhat.com, sdaley@redhat.com, tcunning@redhat.com, tkirby@redhat.com, vhalbert@redhat.com
Apache POI versions prior to release 3.17 are vulnerable to Denial of Service (DoS) attacks caused by multiple bugs in parsing specially crafted files.
Parsing of WMF, EMF, MSG files and macros can lead to infinite loops, while parsing DOC, PPT and XLS files can cause out of memory exceptions.
External References:
https://nvd.nist.gov/vuln/detail/CVE-2017-12626
https://lists.apache.org/thread.html/453d9af5dbabaccd9afb58d27279a9dbfe8e35f...
Sam Fowler sfowler@redhat.com changed:
What: Whiteboard
Removed: impact=moderate,public=20180126,reported=20180130,source=oss-security,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=(CWE-835|CWE-20),fedora-all/apache-poi=affected,fsw-6/apache-poi=new,fuse-6/apache-poi=new,bpms-6/apache-poi=new,brms-5/apache-poi=new,brms-6/apache-poi=new,jdv-6/apache-poi=new,jpp-6/apache-poi=new,rhel-8/apache-poi=new
Added: impact=moderate,public=20180126,reported=20180130,source=oss-security,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=(CWE-835|CWE-20),fedora-all/apache-poi=affected,fsw-6/poi=new,fuse-6/poi=new,bpms-6/poi=new,brms-5/poi=new,brms-6/poi=new,jdv-6/poi=new,jpp-6/poi=new,rhel-8/apache-poi=new
Sam Fowler sfowler@redhat.com changed:
What: Depends On
Removed: (none)
Added: 1539990

--- Comment #1 from Sam Fowler sfowler@redhat.com ---
Created apache-poi tracking bugs for this issue:
Affects: fedora-all [bug 1539990]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1539990
[Bug 1539990] CVE-2017-12626 apache-poi: poi: Parsing of multiple file types can cause a denial of service via infinite loop or out of memory exception [fedora-all]
Sam Fowler sfowler@redhat.com changed:
What: Blocks
Removed: (none)
Added: 1539991
Andrej Nemec anemec@redhat.com changed:
What: Depends On
Removed: (none)
Added: 1540098
Tomas Hoger thoger@redhat.com changed:
What: Whiteboard
Removed: impact=moderate,public=20180126,reported=20180130,source=oss-security,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=(CWE-835|CWE-20),fedora-all/apache-poi=affected,fsw-6/poi=new,fuse-6/poi=new,bpms-6/poi=new,brms-5/poi=new,brms-6/poi=new,jdv-6/poi=new,jpp-6/poi=new,rhel-8/apache-poi=new
Added: impact=moderate,public=20180126,reported=20180130,source=oss-security,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=(CWE-835|CWE-20),fedora-all/apache-poi=affected,fsw-6/poi=new,fuse-6/poi=new,bpms-6/poi=new,brms-5/poi=new,brms-6/poi=new,jdv-6/poi=new,jpp-6/poi=new,rhel-8/apache-poi=affected
--- Comment #2 from Tomas Hoger thoger@redhat.com ---
According to the upstream announcement, this CVE covers 4 issues tracked in the following upstream bugs. Upstream commits relevant to each upstream bug report are also listed:

Avoid infinite loop in corrupt wmf
https://bz.apache.org/bugzilla/show_bug.cgi?id=61338
https://svn.apache.org/viewvc?view=revision&revision=1802997

IOUtils.skipFully can run into infinite loop
https://bz.apache.org/bugzilla/show_bug.cgi?id=61294
https://svn.apache.org/viewvc?view=revision&revision=1801952
https://svn.apache.org/viewvc?view=revision&revision=1806162

OutOfMemoryError parsing a word file
https://bz.apache.org/bugzilla/show_bug.cgi?id=52372
https://svn.apache.org/viewvc?view=revision&revision=1793602

Vector.read -- Java heap space on corrupt file
https://bz.apache.org/bugzilla/show_bug.cgi?id=61295
https://svn.apache.org/viewvc?view=revision&revision=1802879
Tomas Hoger thoger@redhat.com changed:
What: Depends On
Removed: (none)
Added: 1541351
Hooman Broujerdi hghasemb@redhat.com changed:
What: Whiteboard
Removed: impact=moderate,public=20180126,reported=20180130,source=oss-security,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=(CWE-835|CWE-20),fedora-all/apache-poi=affected,fsw-6/poi=new,fuse-6/poi=new,bpms-6/poi=new,brms-5/poi=new,brms-6/poi=new,jdv-6/poi=new,jpp-6/poi=new,rhel-8/apache-poi=affected
Added: impact=moderate,public=20180126,reported=20180130,source=oss-security,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=(CWE-835|CWE-20),fedora-all/apache-poi=affected,fsw-6/poi=new,fuse-6/poi=affected,bpms-6/poi=new,brms-5/poi=new,brms-6/poi=new,jdv-6/poi=new,jpp-6/poi=new,rhel-8/apache-poi=affected
Bug 1539989 depends on bug 1539990, which changed state.

Bug 1539990 Summary: CVE-2017-12626 apache-poi: poi: Parsing of multiple file types can cause a denial of service via infinite loop or out of memory exception [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1539990

What: Status
Removed: ON_QA
Added: CLOSED

What: Resolution
Removed: ---
Added: ERRATA
--- Comment #5 from errata-xmlrpc errata-xmlrpc@redhat.com ---
This issue has been addressed in the following products:

Red Hat JBoss Fuse

Via RHSA-2018:1322 https://access.redhat.com/errata/RHSA-2018:1322
errata-xmlrpc errata-xmlrpc@redhat.com changed:
What: External Bug ID
Removed: (none)
Added: Red Hat Product Errata RHSA-2018:1322
Chess Hazlett chazlett@redhat.com changed:
What: CC
Removed: (none)
Added: drieden@redhat.com, jschatte@redhat.com

What: Whiteboard
Removed: impact=moderate,public=20180126,reported=20180130,source=oss-security,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=(CWE-835|CWE-20),fedora-all/apache-poi=affected,fsw-6/poi=new,fuse-6/poi=affected,bpms-6/poi=new,brms-5/poi=new,brms-6/poi=new,jdv-6/poi=new,jpp-6/poi=new,rhel-8/apache-poi=affected
Added: impact=moderate,public=20180126,reported=20180130,source=oss-security,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=(CWE-835|CWE-20),fedora-all/apache-poi=affected,fsw-6/poi=wontfix,fuse-6/poi=affected,bpms-6/poi=affected,brms-5/poi=notaffected,brms-6/poi=affected,jdv-6/poi=wontfix,jpp-6/poi=wontfix,rhel-8/apache-poi=affected
Andrej Nemec anemec@redhat.com changed:
What: CC
Removed: (none)
Added: mat.booth@redhat.com

What: Whiteboard
Removed: impact=moderate,public=20180126,reported=20180130,source=oss-security,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=(CWE-835|CWE-20),fedora-all/apache-poi=affected,fsw-6/poi=wontfix,fuse-6/poi=affected,bpms-6/poi=affected,brms-5/poi=notaffected,brms-6/poi=affected,jdv-6/poi=wontfix,jpp-6/poi=wontfix,rhel-8/apache-poi=affected
Added: impact=moderate,public=20180126,reported=20180130,source=oss-security,cvss3=5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L,cwe=(CWE-835|CWE-20),fedora-all/apache-poi=affected,fsw-6/poi=wontfix,fuse-6/poi=affected,bpms-6/poi=affected,brms-5/poi=notaffected,brms-6/poi=affected,jdv-6/poi=wontfix,jpp-6/poi=wontfix,rhel-8/apache-poi=notaffected