5

CVE-2012-0213

The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApachePoi Version <= 3.8
ApachePoi Version0.1
ApachePoi Version0.2
ApachePoi Version0.3
ApachePoi Version0.4
ApachePoi Version0.5
ApachePoi Version0.6
ApachePoi Version0.7
ApachePoi Version0.10.0
ApachePoi Version0.11.0
ApachePoi Version0.12.0
ApachePoi Version0.13.0
ApachePoi Version0.14.0
ApachePoi Version1.0.0
ApachePoi Version1.0.1
ApachePoi Version1.0.2
ApachePoi Version1.1.0
ApachePoi Version1.2.0
ApachePoi Version1.5
ApachePoi Version1.5.1
ApachePoi Version1.7 Updatedev
ApachePoi Version1.8 Updatedev
ApachePoi Version1.10 Updatedev
ApachePoi Version2.0
ApachePoi Version2.0 Updatepre1
ApachePoi Version2.0 Updatepre2
ApachePoi Version2.0 Updatepre3
ApachePoi Version2.0 Updaterc1
ApachePoi Version2.0 Updaterc2
ApachePoi Version2.5
ApachePoi Version2.5.1
ApachePoi Version3.0
ApachePoi Version3.0 Updatealpha1
ApachePoi Version3.0 Updatealpha2
ApachePoi Version3.0 Updatealpha3
ApachePoi Version3.0.1
ApachePoi Version3.0.2
ApachePoi Version3.0.2 Updatebeta1
ApachePoi Version3.0.2 Updatebeta2
ApachePoi Version3.1
ApachePoi Version3.1 Updatebeta1
ApachePoi Version3.1 Updatebeta2
ApachePoi Version3.2
ApachePoi Version3.5
ApachePoi Version3.5 Updatebeta1
ApachePoi Version3.5 Updatebeta2
ApachePoi Version3.5 Updatebeta3
ApachePoi Version3.5 Updatebeta4
ApachePoi Version3.5 Updatebeta5
ApachePoi Version3.5 Updatebeta6
ApachePoi Version3.6
ApachePoi Version3.7
ApachePoi Version3.7 Updatebeta1
ApachePoi Version3.7 Updatebeta2
ApachePoi Version3.7 Updatebeta3
ApachePoi Version3.8 Updatebeta1
ApachePoi Version3.8 Updatebeta2
ApachePoi Version3.8 Updatebeta3
ApachePoi Version3.8 Updatebeta4
ApachePoi Version3.8 Updatebeta5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.5% 0.937
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://rhn.redhat.com/errata/RHSA-2012-1232.html
http://secunia.com/advisories/50549
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084609.html
http://secunia.com/advisories/49040
Vendor Advisory
http://www-01.ibm.com/support/docview.wss?uid=swg21996759
http://www.debian.org/security/2012/dsa-2468
http://www.mandriva.com/security/advisories?name=MDVSA-2013:094
http://www.securityfocus.com/bid/53487
https://bugzilla.redhat.com/show_bug.cgi?id=799078
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0044