Description

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.

Remediation

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-February/150228.html

http://poi.apache.org/changes.html

http://secunia.com/advisories/61953

http://www.securityfocus.com/bid/77726

http://www-01.ibm.com/support/docview.wss?uid=swg21996759

https://access.redhat.com/errata/RHSA-2016:1135

https://issues.apache.org/bugzilla/show_bug.cgi?id=57272

Related Vulnerabilities

CVE-2014-3742 Vulnerability in npm package hapi

CVE-2013-2160 Vulnerability in maven package org.apache.cxf:cxf-parent

CVE-2009-4875 Vulnerability in maven package net.fckeditor:java-core

CVE-2012-6551 Vulnerability in maven package org.apache.activemq:apache-activemq

CVE-2011-4858 Vulnerability in maven package org.apache.tomcat:catalina

Severity

Critical

Classification

CWE-399