The UnhandledDataStructure function in hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows remote attackers to cause a denial of service (OutOfMemoryError exception and possibly JVM destabilization) via a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Poi | Apache | * | 3.8 (including) |
| Poi | Apache | 0.1 (including) | 0.1 (including) |
| Poi | Apache | 0.2 (including) | 0.2 (including) |
| Poi | Apache | 0.3 (including) | 0.3 (including) |
| Poi | Apache | 0.4 (including) | 0.4 (including) |
| Poi | Apache | 0.5 (including) | 0.5 (including) |
| Poi | Apache | 0.6 (including) | 0.6 (including) |
| Poi | Apache | 0.7 (including) | 0.7 (including) |
| Poi | Apache | 0.10.0 (including) | 0.10.0 (including) |
| Poi | Apache | 0.11.0 (including) | 0.11.0 (including) |
| Poi | Apache | 0.12.0 (including) | 0.12.0 (including) |
| Poi | Apache | 0.13.0 (including) | 0.13.0 (including) |
| Poi | Apache | 0.14.0 (including) | 0.14.0 (including) |
| Poi | Apache | 1.0.0 (including) | 1.0.0 (including) |
| Poi | Apache | 1.0.1 (including) | 1.0.1 (including) |
| Poi | Apache | 1.0.2 (including) | 1.0.2 (including) |
| Poi | Apache | 1.1.0 (including) | 1.1.0 (including) |
| Poi | Apache | 1.2.0 (including) | 1.2.0 (including) |
| Poi | Apache | 1.5 (including) | 1.5 (including) |
| Poi | Apache | 1.5.1 (including) | 1.5.1 (including) |
| Poi | Apache | 1.7-dev (including) | 1.7-dev (including) |
| Poi | Apache | 1.8-dev (including) | 1.8-dev (including) |
| Poi | Apache | 1.10-dev (including) | 1.10-dev (including) |
| Poi | Apache | 2.0 (including) | 2.0 (including) |
| Poi | Apache | 2.0-pre1 (including) | 2.0-pre1 (including) |
| Poi | Apache | 2.0-pre2 (including) | 2.0-pre2 (including) |
| Poi | Apache | 2.0-pre3 (including) | 2.0-pre3 (including) |
| Poi | Apache | 2.0-rc1 (including) | 2.0-rc1 (including) |
| Poi | Apache | 2.0-rc2 (including) | 2.0-rc2 (including) |
| Poi | Apache | 2.5 (including) | 2.5 (including) |
| Poi | Apache | 2.5.1 (including) | 2.5.1 (including) |
| Poi | Apache | 3.0 (including) | 3.0 (including) |
| Poi | Apache | 3.0-alpha1 (including) | 3.0-alpha1 (including) |
| Poi | Apache | 3.0-alpha2 (including) | 3.0-alpha2 (including) |
| Poi | Apache | 3.0-alpha3 (including) | 3.0-alpha3 (including) |
| Poi | Apache | 3.0.1 (including) | 3.0.1 (including) |
| Poi | Apache | 3.0.2 (including) | 3.0.2 (including) |
| Poi | Apache | 3.0.2-beta1 (including) | 3.0.2-beta1 (including) |
| Poi | Apache | 3.0.2-beta2 (including) | 3.0.2-beta2 (including) |
| Poi | Apache | 3.1 (including) | 3.1 (including) |
| Poi | Apache | 3.1-beta1 (including) | 3.1-beta1 (including) |
| Poi | Apache | 3.1-beta2 (including) | 3.1-beta2 (including) |
| Poi | Apache | 3.2 (including) | 3.2 (including) |
| Poi | Apache | 3.5 (including) | 3.5 (including) |
| Poi | Apache | 3.5-beta1 (including) | 3.5-beta1 (including) |
| Poi | Apache | 3.5-beta2 (including) | 3.5-beta2 (including) |
| Poi | Apache | 3.5-beta3 (including) | 3.5-beta3 (including) |
| Poi | Apache | 3.5-beta4 (including) | 3.5-beta4 (including) |
| Poi | Apache | 3.5-beta5 (including) | 3.5-beta5 (including) |
| Poi | Apache | 3.5-beta6 (including) | 3.5-beta6 (including) |
| Poi | Apache | 3.6 (including) | 3.6 (including) |
| Poi | Apache | 3.7 (including) | 3.7 (including) |
| Poi | Apache | 3.7-beta1 (including) | 3.7-beta1 (including) |
| Poi | Apache | 3.7-beta2 (including) | 3.7-beta2 (including) |
| Poi | Apache | 3.7-beta3 (including) | 3.7-beta3 (including) |
| Poi | Apache | 3.8-beta1 (including) | 3.8-beta1 (including) |
| Poi | Apache | 3.8-beta2 (including) | 3.8-beta2 (including) |
| Poi | Apache | 3.8-beta3 (including) | 3.8-beta3 (including) |
| Poi | Apache | 3.8-beta4 (including) | 3.8-beta4 (including) |
| Poi | Apache | 3.8-beta5 (including) | 3.8-beta5 (including) |