Security Information / 2012 / Security Information -- DSA-2468-1 libjakarta-poi-java

Debian Security Advisory

DSA-2468-1 libjakarta-poi-java -- unbounded memory allocation

Date Reported:

09 May 2012

Affected Packages:

libjakarta-poi-java

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2012-0213.

More information:

It was discovered that Apache POI, a Java implementation of the Microsoft Office file formats, would allocate arbitrary amounts of memory when processing crafted documents. This could impact the stability of the Java virtual machine.

For the stable distribution (squeeze), this problem has been fixed in version 3.6+dfsg-1+squeeze1.

We recommend that you upgrade your libjakarta-poi-java packages.