Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via or IRC
Bug 430580 - dev-java/poi: Denial of Service (CVE-2012-0213)
Summary: dev-java/poi: Denial of Service (CVE-2012-0213)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Keywords: PMASKED
Depends on: 402757
  Show dependency tree
Reported: 2012-08-09 13:18 UTC by GLSAMaker/CVETool Bot
Modified: 2015-12-20 15:13 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2012-08-09 13:18:04 UTC
CVE-2012-0213 (
  The UnhandledDataStructure function in
  hwpf/model/ in Apache POI 3.8 and earlier allows
  remote attackers to cause a denial of service (OutOfMemoryError exception
  and possibly JVM destabilization) via a crafted length value in a Channel
  Definition Format (CDF) or Compound File Binary Format (CFBF) document.




(SECUNIA) 49040

(FEDORA) FEDORA-2012-10835
Comment 1 Patrice Clement gentoo-dev 2015-11-12 16:55:31 UTC
Package masked for removal. We will close this bug after the removal.
Comment 2 Kristian Fiskerstrand gentoo-dev Security 2015-11-12 21:53:43 UTC
GLSA Vote: No
Comment 3 Patrice Clement gentoo-dev 2015-12-13 18:34:25 UTC
Package removed.

Security team, please vote.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev Security 2015-12-20 15:13:26 UTC
GLSA Vote: No

Thank you all. Closing as noglsa.