You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@poi.apache.org by PJ Fanning <fa...@apache.org> on 2022/03/04 12:11:43 UTC

Fwd: CVE-2022-26336: poi-scratchpad: A carefully crafted TNEF file can cause an out of memory exception

Severity: moderate

Description:

A shortcoming in the HMEF package of poi-scratchpad (Apache POI)
allows an attacker to cause an Out of Memory exception. This package
is used to read TNEF files (Microsoft Outlook and Microsoft Exchange
Server). If an application uses poi-scratchpad to parse TNEF files and
the application allows untrusted users to supply them, then a
carefully crafted file can cause an Out of Memory exception. This
issue affects poi-scratchpad version 5.2.0 and prior versions. Users
are recommended to upgrade to poi-scratchpad 5.2.1.

This issue is being tracked as
https://bz.apache.org/bugzilla/show_bug.cgi?id=65899

Credit:

Apache POI would like to thank Craig Haft of Yahoo Inc. for reporting
and providing a patch for this issue.

---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@poi.apache.org
For additional commands, e-mail: user-help@poi.apache.org