CVE 2017-12626
Apache POI in versions prior to release 3.17 are vulnerable to Denial of Service Attacks: 1) Infinite Loops while parsing crafted WMF, EMF, MSG and macros (POI bugs 61338 and 61294), and 2) Out of Memory Exceptions while parsing crafted DOC, PPT and XLS (POI bugs 52372 and 61295).
Related bugs and status
CVE-2017-12626 (Candidate) is related to these bugs:
Bug #1814133: update to openjdk 11 in 18.04 LTS
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1814133 | update to openjdk 11 in 18.04 LTS | saaj (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | ca-certificates-java (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jaxws-api (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jws-api (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | metro-policy (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-debian-helper (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | testng (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | plexus-languages (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libcommons-lang3-java (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | dd-plist (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | clojure1.8 (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | gradle (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jtreg (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-compiler-plugin (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | surefire (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | gradle-debian-helper (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | groovy (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jasperreports (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | octave (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | gettext (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | insubstantial (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | java-common (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | javatools (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jnr-posix (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jruby (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jython (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libgpars-groovy-java (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | logback (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-javadoc-plugin (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | openjdk-lts (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | openjfx (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | scala (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | openjdk-11-jre-dcevm (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jameica-util (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libreoffice (Ubuntu) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libreoffice-l10n (Ubuntu) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | gatk-native-bindings (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | gkl (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | htsjdk (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jameica (Ubuntu) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jameica-datasource (Ubuntu) | Undecided | Invalid | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-bundle-plugin (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-enforcer (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-plugin-tools (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | maven-jaxb2-plugin (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jruby-openssl (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | visualvm (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libjogl2-java (Ubuntu) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | fonts-liberation2 (Ubuntu) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | libjavaewah-java (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | scilab (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | gluegen2 (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | ecj (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | activemq (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | afterburner.fx (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | annotation-indexer (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | apache-directory-server (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | aspectj (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | aspectj-maven-plugin (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | batik (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | bindex (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | bridge-method-injector (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | carrotsearch-hppc (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | commons-httpclient (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | eclipselink (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | elki (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | clojure (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | figtree (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | fontawesomefx (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | hikaricp (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | hsqldb (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | hsqldb1.8.0 (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jabref (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jackson-core (Ubuntu Bionic) | Undecided | Fix Released | ||
| 1814133 | update to openjdk 11 in 18.04 LTS | jackson-databind (Ubuntu Bionic) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
