QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2022-26336

Back to search

CVE-2022-26336

Published: Mar 4, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1.

VendorProductVersions

Apache Software Foundation

poi-scratchpad

affected
unspecified - <= 5.2.0

Weaknesses (CWE)

CWE-770
CWE-20

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now