CVE-2014-9527 - HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infini

CVE-2014-9527

Summary

HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.

References

Vulnerable Configurations

cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.5:beta3:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.5:beta3:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.7:beta3:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.7:beta3:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.8:beta3:*:*:*:*:*:*
cpe:2.3:a:apache:poi:3.8:beta3:*:*:*:*:*:*

CVSS

CWE

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

redhat via4

advisories

rhsa

id	RHSA-2016:1135

refmap via4

bid	77726
confirm	http://poi.apache.org/changes.html http://www-01.ibm.com/support/docview.wss?uid=swg21996759 https://issues.apache.org/bugzilla/show_bug.cgi?id=57272
fedora	FEDORA-2015-2090
secunia	61953

Last major update

11-02-2017 - 02:59

Published

06-01-2015 - 15:59

Last modified

11-02-2017 - 02:59