Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2012-0213
The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| Software | From | Fixed in |
|---|---|---|
| apache / poi | 2.5 | 2.5.x |
| apache / poi | 0.2 | 0.2.x |
| apache / poi | 3.7-beta3 | 3.7-beta3.x |
| apache / poi | 3.0.2-beta2 | 3.0.2-beta2.x |
| apache / poi | 3.0.1 | 3.0.1.x |
| apache / poi | 3.5 | 3.5.x |
| apache / poi | 1.10-dev | 1.10-dev.x |
| apache / poi | 1.0.2 | 1.0.2.x |
| apache / poi | 2.0-pre3 | 2.0-pre3.x |
| apache / poi | 3.5-beta6 | 3.5-beta6.x |
| apache / poi | 3.7 | 3.7.x |
| apache / poi | 3.0.2-beta1 | 3.0.2-beta1.x |
| apache / poi | 3.5-beta1 | 3.5-beta1.x |
| apache / poi | 1.7-dev | 1.7-dev.x |
| apache / poi | 0.14.0 | 0.14.0.x |
| apache / poi | 0.3 | 0.3.x |
| apache / poi | 1.5.1 | 1.5.1.x |
| apache / poi | 1.2.0 | 1.2.0.x |
| apache / poi | 3.0-alpha1 | 3.0-alpha1.x |
| apache / poi | 3.8-beta3 | 3.8-beta3.x |
| apache / poi | 2.5.1 | 2.5.1.x |
| apache / poi | 3.0 | 3.0.x |
| apache / poi | 0.13.0 | 0.13.0.x |
| apache / poi | 3.5-beta2 | 3.5-beta2.x |
| apache / poi | 2.0-rc2 | 2.0-rc2.x |
| apache / poi | 0.7 | 0.7.x |
| apache / poi | 0.5 | 0.5.x |
| apache / poi | 1.0.1 | 1.0.1.x |
| apache / poi | 3.7-beta1 | 3.7-beta1.x |
| apache / poi | 3.8-beta5 | 3.8-beta5.x |
| apache / poi | 2.0 | 2.0.x |
| apache / poi | 3.7-beta2 | 3.7-beta2.x |
| apache / poi | 2.0-pre1 | 2.0-pre1.x |
| apache / poi | 3.8-beta4 | 3.8-beta4.x |
| apache / poi | 3.5-beta5 | 3.5-beta5.x |
| apache / poi | 0.11.0 | 0.11.0.x |
| apache / poi | 3.0-alpha2 | 3.0-alpha2.x |
| apache / poi | 3.8-beta1 | 3.8-beta1.x |
| apache / poi | 0.1 | 0.1.x |
| apache / poi | 3.1-beta2 | 3.1-beta2.x |
| apache / poi | 3.8-beta2 | 3.8-beta2.x |
| apache / poi | 3.2 | 3.2.x |
| apache / poi | 3.5-beta4 | 3.5-beta4.x |
| apache / poi | 3.6 | 3.6.x |
| apache / poi | 1.8-dev | 1.8-dev.x |
| apache / poi | 3.0.2 | 3.0.2.x |
| apache / poi | 2.0-rc1 | 2.0-rc1.x |
| apache / poi | 0.4 | 0.4.x |
| apache / poi | - | 3.8.x |
| apache / poi | 2.0-pre2 | 2.0-pre2.x |
| apache / poi | 0.12.0 | 0.12.0.x |
| apache / poi | 3.1 | 3.1.x |
| apache / poi | 0.6 | 0.6.x |
| apache / poi | 3.5-beta3 | 3.5-beta3.x |
| apache / poi | 0.10.0 | 0.10.0.x |
| apache / poi | 3.0-alpha3 | 3.0-alpha3.x |
| apache / poi | 3.1-beta1 | 3.1-beta1.x |
| apache / poi | 1.5 | 1.5.x |
| apache / poi | 1.1.0 | 1.1.0.x |
| apache / poi | 1.0.0 | 1.0.0.x |
org.apache.poi / poi
|
- | 3.9 |
- http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084609.html
- http://rhn.redhat.com/errata/RHSA-2012-1232.html
- http://secunia.com/advisories/49040
- http://secunia.com/advisories/50549
- http://www-01.ibm.com/support/docview.wss?uid=swg21996759
- http://www.debian.org/security/2012/dsa-2468
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:094
- http://www.securityfocus.com/bid/53487
- https://bugzilla.redhat.com/show_bug.cgi?id=799078
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0044