PT-2012-2405 · Apache · Apache Poi
Jan Lieskovsky · Published 2012-08-07 · Updated 2022-05-04 · CVE-2012-0213
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Apache POI versions 3.8 and earlier
Description
A remote attacker can cause a denial of service (an OutOfMemoryError and JVM destabilization) by supplying a crafted length value in a Channel Definition Format (CDF) or Compound File Binary Format (CFBF) document. The root cause lies in the UnhandledDataStructure function, which acts on the length value as supplied by the file.
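The defect class described above, as an added illustration that is not Apache POI's own code: a length-prefixed chunk reader that sizes an allocation from a file-supplied value, beside a hardened version that bounds the length before allocating so a malformed file fails with a parse error instead of exhausting the heap. The class and method names, MAX_CHUNK_BYTES and the sample bytes are assumptions.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;

// Illustrative example (not Apache POI's code): a little-endian,
// length-prefixed chunk reader in the style of CFBF-family parsers.
public final class ChunkLengthCheck {
    // Upper bound on a single chunk; a deployment-specific assumption.
    static final int MAX_CHUNK_BYTES = 16 * 1024 * 1024;

    // Unhardened: the 32-bit length read from the file decides the
    // allocation size. A crafted value such as 0x7FFFFFFF makes the JVM
    // attempt a ~2 GiB array and throw OutOfMemoryError before any
    // bounds are checked.
    static byte[] readChunkUnchecked(byte[] data, int offset) {
        ByteBuffer buf = ByteBuffer.wrap(data).order(ByteOrder.LITTLE_ENDIAN);
        int length = buf.getInt(offset);
        byte[] payload = new byte[length];           // file-sized allocation
        System.arraycopy(data, offset + 4, payload, 0, length);
        return payload;
    }

    // Hardened: treat the length as untrusted. Reject negative values,
    // values larger than what remains in the buffer, and values above a
    // configured cap, so a bad file is rejected with an ordinary exception.
    static byte[] readChunkChecked(byte[] data, int offset) {
        ByteBuffer buf = ByteBuffer.wrap(data).order(ByteOrder.LITTLE_ENDIAN);
        int length = buf.getInt(offset);
        int remaining = data.length - (offset + 4);
        if (length < 0 || length > remaining || length > MAX_CHUNK_BYTES) {
            throw new IllegalArgumentException("chunk length " + length
                + " exceeds remaining " + remaining + " bytes or cap "
                + MAX_CHUNK_BYTES);
        }
        byte[] payload = new byte[length];
        System.arraycopy(data, offset + 4, payload, 0, length);
        return payload;
    }

    public static void main(String[] args) {
        // Constructed sample: a length field claiming ~2 GiB of payload
        // followed by only three real bytes.
        byte[] crafted = ByteBuffer.allocate(7).order(ByteOrder.LITTLE_ENDIAN)
            .putInt(Integer.MAX_VALUE).put(new byte[] {1, 2, 3}).array();
        try {
            readChunkChecked(crafted, 0);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        // readChunkUnchecked(crafted, 0) would instead fail with OutOfMemoryError.
    }
}
```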
Recommendations
For Apache POI versions 3.8 and earlier, update to a version later than 3.8 to resolve the issue. As a temporary workaround, restrict the processing of CDF or CFBF documents from untrusted sources to minimize the risk of exploitation.
Fix
Resource Exhaustion
Affected Products
Apache Poi