poi-scratchpad is vulnerable to denial of service. An attacker can cause an application crash through the out of memory exception by submitting the malicious TNEF file to the TNEFAttribute
parameter in the create
function of MAPIAttribute.java
CPE | Name | Operator | Version |
---|---|---|---|
apache poi | eq | 3.9 | |
apache poi | le | 5.2.0 | |
apache poi | le | 3.16 | |
apache poi | le | 3.15 | |
apache poi | le | 3.13 | |
apache poi | le | 3.17 | |
apache poi | le | 4.1.2 | |
apache poi | le | 3.10.1 | |
apache poi | le | 3.11 | |
apache poi | le | 3.14 |